Windows Analysis Report
PumpBot.exe

Overview

General Information

Sample name: PumpBot.exe
Analysis ID: 1545732
MD5: 6a0748cef7672d8c10da160a9f9d3e7c
SHA1: 41e707866b91bf5509091b0949fccaa8cbe73908
SHA256: b8cf4fc945a0c0401f6931467f4ddf2f58a017e932a87b3ddaa0bb925ef78231
Tags: exeuser-500mk500
Infos:

Detection

Score: 27
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Found pyInstaller with non standard icon
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • PumpBot.exe (PID: 5248 cmdline: "C:\Users\user\Desktop\PumpBot.exe" MD5: 6A0748CEF7672D8C10DA160A9F9D3E7C)
    • conhost.exe (PID: 5252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • PumpBot.exe (PID: 5724 cmdline: "C:\Users\user\Desktop\PumpBot.exe" MD5: 6A0748CEF7672D8C10DA160A9F9D3E7C)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: PumpBot.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: PumpBot.exe, 00000000.00000003.2125146329.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: PumpBot.exe, 00000003.00000002.2145582822.00007FFD9456F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: _ssl.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FF6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7A0FF6878
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A1000A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7A1000A34
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FE69E0 FindFirstFileExW,FindClose,0_2_00007FF7A0FE69E0
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A1000A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF7A1000A34
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A0FF6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,3_2_00007FF7A0FF6878
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A0FE69E0 FindFirstFileExW,FindClose,3_2_00007FF7A0FE69E0
Source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A96000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A96000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.cot
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A96000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A96000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: unicodedata.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A96000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A96000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.dr, unicodedata.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A96000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.dr, _lzma.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: PumpBot.exe, 00000000.00000003.2129857475.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A96000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2127164174.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, python310.dll.0.dr, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: base_library.zip.0.drString found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: PumpBot.exe, 00000003.00000003.2136027886.0000027395FF6000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132744160.0000027395FE3000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133298257.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133187866.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133063077.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2138908226.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133468215.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132655496.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133298257.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133187866.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2137615624.0000027395FF6000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133063077.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2143735264.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2136131181.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2138196238.0000027395FF9000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132799099.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2135642576.0000027395FF5000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2134954861.0000027395FD3000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132757422.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 
00000003.00000003.2132799099.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133579000.0000027395FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: PumpBot.exe, 00000003.00000003.2133187866.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133063077.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132655496.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133298257.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132799099.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2143869403.000002739608C000.00000004.00001000.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132757422.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2134667028.0000027395FB7000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133468215.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133579000.0000027395FDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: PumpBot.exe, 00000003.00000003.2133579000.0000027395FDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: PumpBot.exe, 00000003.00000003.2136027886.0000027395FF6000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132744160.0000027395FE3000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133298257.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133187866.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133063077.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2138908226.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133468215.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132655496.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133298257.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133187866.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2137615624.0000027395FF6000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133063077.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2143735264.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2136131181.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2138196238.0000027395FF9000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132799099.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2135642576.0000027395FF5000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2134954861.0000027395FD3000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2132757422.0000027395FDA000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 
00000003.00000003.2132799099.0000027395FB4000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2133579000.0000027395FB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: PumpBot.exe String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: base_library.zip.0.dr String found in binary or memory: https://mahler:8092/site-updates.py
Source: PumpBot.exe, 00000003.00000002.2145582822.00007FFD9456F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr String found in binary or memory: https://www.openssl.org/H
Source: base_library.zip.0.dr String found in binary or memory: https://www.python.org/
Source: PumpBot.exe, 00000000.00000003.2131474594.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000003.2134741386.0000027396860000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: PumpBot.exe, 00000003.00000002.2143869403.0000027396000000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: C:\Users\user\Desktop\PumpBot.exeCode function: String function: 00007FF7A0FE1CB0 appears 38 times
Source: C:\Users\user\Desktop\PumpBot.exeCode function: String function: 00007FF7A0FE1C50 appears 90 times
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: PumpBot.exe, 00000000.00000003.2128335588.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2126768882.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125540722.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000000.00000003.2125146329.0000022791A89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs PumpBot.exe
Source: PumpBot.exeBinary or memory string: OriginalFilename vs PumpBot.exe
Source: PumpBot.exe, 00000003.00000002.2145922625.00007FFD94678000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs PumpBot.exe
Source: PumpBot.exe, 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs PumpBot.exe
Source: PumpBot.exe, 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs PumpBot.exe
Source: PumpBot.exe, 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs PumpBot.exe
Source: classification engine Classification label: sus27.winEXE@4/14@0/0
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FE6670 GetLastError,FormatMessageW,WideCharToMultiByte
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\Desktop\data
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5252:120:WilError_03
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482
Source: PumpBot.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PumpBot.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\PumpBot.exe File read: C:\Users\user\Desktop\PumpBot.exe
Source: unknown Process created: C:\Users\user\Desktop\PumpBot.exe "C:\Users\user\Desktop\PumpBot.exe"
Source: C:\Users\user\Desktop\PumpBot.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PumpBot.exe Process created: C:\Users\user\Desktop\PumpBot.exe "C:\Users\user\Desktop\PumpBot.exe"
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PumpBot.exe Section loaded: python3.dll
Source: C:\Users\user\Desktop\PumpBot.exe File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: PumpBot.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: PumpBot.exe Static file information: File size 5957263 > 1048576
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: PumpBot.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: PumpBot.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: PumpBot.exe, 00000000.00000003.2130927428.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: PumpBot.exe, 00000000.00000003.2131085002.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"userSDIR: "C:\Program Files\OpenSSL\lib\users-1_1"not available source: libcrypto-1_1.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: PumpBot.exe, 00000000.00000003.2125146329.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: PumpBot.exe, 00000000.00000003.2125741690.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: libssl-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: PumpBot.exe, 00000003.00000002.2145582822.00007FFD9456F000.00000002.00000001.01000000.00000004.sdmp, python310.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: PumpBot.exe, 00000000.00000003.2125894783.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp, _lzma.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: PumpBot.exe, 00000000.00000003.2125324165.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, PumpBot.exe, 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp, _bz2.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: PumpBot.exe, 00000000.00000003.2126036451.0000022791A89000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: _ssl.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-1_1.pdb source: libssl-1_1.dll.0.dr
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: PumpBot.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: PumpBot.exe Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: python310.dll.0.dr Static PE information: section name: PyRuntim

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\PumpBot.exe Process created: "C:\Users\user\Desktop\PumpBot.exe"
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\unicodedata.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_decimal.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_hashlib.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_ssl.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_lzma.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\libssl-1_1.dll
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\python310.dll
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\select.pyd
Source: C:\Users\user\Desktop\PumpBot.exe File created: C:\Users\user\AppData\Local\Temp\_MEI52482\_socket.pyd
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FE2F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7A0FE2F20
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\unicodedata.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_decimal.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_hashlib.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_ssl.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_lzma.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\libssl-1_1.dll
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\python310.dll
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\select.pyd
Source: C:\Users\user\Desktop\PumpBot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI52482\_socket.pyd
Source: C:\Users\user\Desktop\PumpBot.exe API coverage: 3.8 %
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FF6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7A0FF6878
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A1000A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7A1000A34
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FE69E0 FindFirstFileExW,FindClose,0_2_00007FF7A0FE69E0
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A1000A34 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF7A1000A34
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A0FF6878 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,3_2_00007FF7A0FF6878
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A0FE69E0 FindFirstFileExW,FindClose,3_2_00007FF7A0FE69E0
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FEAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7A0FEAA2C
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A1002620 GetProcessHeap,0_2_00007FF7A1002620
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FEA180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7A0FEA180
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FF9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7A0FF9C44
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A0FEABD4 SetUnhandledExceptionFilter,0_2_00007FF7A0FEABD4
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A0FEAA2C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF7A0FEAA2C
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A0FEA180 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF7A0FEA180
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A0FF9C44 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF7A0FF9C44
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FF7A0FEABD4 SetUnhandledExceptionFilter,3_2_00007FF7A0FEABD4
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FFDA37233B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFDA37233B0
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FFDA3723980 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFDA3723980
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FFDA4339F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFDA4339F30
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FFDA433A978 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFDA433A978
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 3_2_00007FFDA547004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFDA547004C
Source: C:\Users\user\Desktop\PumpBot.exeCode function: 0_2_00007FF7A1008A30 cpuid 0_2_00007FF7A1008A30
Source: C:\Users\user\Desktop\PumpBot.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\PumpBot.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI52482\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exeQueries volume information: C:\Users\user\Desktop\data\.cache_dir\Ai Powered Bot Starter.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A0FEA910 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7A0FEA910
Source: C:\Users\user\Desktop\PumpBot.exe Code function: 0_2_00007FF7A1004EA0 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF7A1004EA0
Source: C:\Users\user\Desktop\PumpBot.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
PumpBot.exe | 8% | ReversingLabs | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\libcrypto-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\libssl-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\python310.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\select.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI52482\unicodedata.pyd | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://www.openssl.org/H | 0% | URL Reputation | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | PumpBot.exe (.sdmp memory strings) | false | | unknown
http://cacerts.digicert.cot | PumpBot.exe (.sdmp memory strings) | false | | unknown
https://mahler:8092/site-updates.py | base_library.zip.0.dr | false | | unknown
http://www.robotstxt.org/norobots-rfc.txt | base_library.zip.0.dr | false | | unknown
http://cacerts.digicert.co | PumpBot.exe (.sdmp memory strings) | false | | unknown
https://www.python.org/download/releases/2.3/mro/. | PumpBot.exe (.sdmp memory strings), base_library.zip.0.dr | false | | unknown
https://www.python.org/ | base_library.zip.0.dr | false | | unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader | PumpBot.exe (.sdmp memory strings) | false | | unknown
https://www.openssl.org/H | PumpBot.exe (.sdmp memory strings), libssl-1_1.dll.0.dr, libcrypto-1_1.dll.0.dr | false | URL Reputation: safe | unknown
https://www.python.org/dev/peps/pep-0205/ | PumpBot.exe (.sdmp memory strings), base_library.zip.0.dr | false | | unknown
https://python.org/dev/peps/pep-0263/ | PumpBot.exe (.sdmp memory strings), python310.dll.0.dr | false | | unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | PumpBot.exe (.sdmp memory strings) | false | | unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py | PumpBot.exe (.sdmp memory strings) | false | | unknown
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy | PumpBot.exe (.sdmp memory strings) | false | | unknown
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1545732
Start date and time: 2024-10-30 22:22:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 4
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PumpBot.exe
Detection: SUS
Classification: sus27.winEXE@4/14@0/0
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: PumpBot.exe
No simulations
No context
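Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | Bypass Apk.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | Bypass Apk.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | sims-4-updater-v1.3.4.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | leo.bat | malicious | Braodo
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | cat.bat | malicious | Braodo
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | chim.bat | malicious | Braodo
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | siu.bat | malicious | Braodo
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | rom.bat | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | HjiFq7hzLA.lnk | malicious | MalLnk
C:\Users\user\AppData\Local\Temp\_MEI52482\_bz2.pyd | 205.bat | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | Bypass Apk.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | Bypass Apk.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | sims-4-updater-v1.3.4.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | rom.bat | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | SecuriteInfo.com.W32.PossibleThreat.28513.13103.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | SecuriteInfo.com.Trojan.PWS.Stealer.39881.18601.16388.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | v.1.6.3__x64__.msi | malicious | LegionLoader
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | v.1.5.4__x64__.msi | malicious | LegionLoader
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | H2f8SkAvdV.exe | malicious | Blank Grabber, XWorm
C:\Users\user\AppData\Local\Temp\_MEI52482\VCRUNTIME140.dll | SolaraV3.exe | malicious | Blank Grabber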
Process: C:\Users\user\Desktop\PumpBot.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 98224
Entropy (8bit): 6.452201564717313
Encrypted: false
SSDEEP: 1536:ywqHLG4SsAzAvadZw+1Hcx8uIYNUzUoHA4decbK/zJNuw6z5U:ytrfZ+jPYNzoHA4decbK/FNu51U
MD5: F34EB034AA4A9735218686590CBA2E8B
SHA1: 2BC20ACDCB201676B77A66FA7EC6B53FA2644713
SHA-256: 9D2B40F0395CC5D1B4D5EA17B84970C29971D448C37104676DB577586D4AD1B1
SHA-512: D27D5E65E8206BD7923CF2A3C4384FEC0FC59E8BC29E25F8C03D039F3741C01D1A8C82979D7B88C10B209DB31FBBEC23909E976B3EE593DC33481F0050A445AF
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Bypass Apk.exe, Detection: malicious
• Filename: Bypass Apk.exe, Detection: malicious
• Filename: sims-4-updater-v1.3.4.exe, Detection: malicious
• Filename: rom.bat, Detection: malicious
• Filename: SecuriteInfo.com.W32.PossibleThreat.28513.13103.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.PWS.Stealer.39881.18601.16388.exe, Detection: malicious
• Filename: v.1.6.3__x64__.msi, Detection: malicious
• Filename: v.1.5.4__x64__.msi, Detection: malicious
                                                                    • Filename: H2f8SkAvdV.exe, Detection: malicious, Browse
                                                                    • Filename: SolaraV3.exe, Detection: malicious, Browse
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):83736
                                                                    Entropy (8bit):6.595094797707322
                                                                    Encrypted:false
                                                                    SSDEEP:1536:hXOz78ZqjUyAsIi7W/5+D8W35mjZm35ILCVM7SyfYPxe:pOzwpyAFi7WMgW34jZm35ILCVMZoxe
                                                                    MD5:86D1B2A9070CD7D52124126A357FF067
                                                                    SHA1:18E30446FE51CED706F62C3544A8C8FDC08DE503
                                                                    SHA-256:62173A8FADD4BF4DD71AB89EA718754AA31620244372F0C5BBBAE102E641A60E
                                                                    SHA-512:7DB4B7E0C518A02AE901F4B24E3860122ACC67E38E73F98F993FE99EB20BB3AA539DB1ED40E63D6021861B54F34A5F5A364907FFD7DA182ADEA68BBDD5C2B535
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Joe Sandbox View:
                                                                    • Filename: Bypass Apk.exe, Detection: malicious, Browse
                                                                    • Filename: Bypass Apk.exe, Detection: malicious, Browse
                                                                    • Filename: sims-4-updater-v1.3.4.exe, Detection: malicious, Browse
                                                                    • Filename: leo.bat, Detection: malicious, Browse
                                                                    • Filename: cat.bat, Detection: malicious, Browse
                                                                    • Filename: chim.bat, Detection: malicious, Browse
                                                                    • Filename: siu.bat, Detection: malicious, Browse
                                                                    • Filename: rom.bat, Detection: malicious, Browse
                                                                    • Filename: HjiFq7hzLA.lnk, Detection: malicious, Browse
                                                                    • Filename: 205.bat, Detection: malicious, Browse
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):254744
                                                                    Entropy (8bit):6.564308911485739
                                                                    Encrypted:false
                                                                    SSDEEP:6144:3LT2sto29vTlN5cdIKdo4/3VaV8FlBa9qWMa3pLW1A/T8O51j4iab9M:H2s/9vTlPcdk4vVtFU98iIu
                                                                    MD5:20C77203DDF9FF2FF96D6D11DEA2EDCF
                                                                    SHA1:0D660B8D1161E72C993C6E2AB0292A409F6379A5
                                                                    SHA-256:9AAC010A424C757C434C460C3C0A6515D7720966AB64BAD667539282A17B4133
                                                                    SHA-512:2B24346ECE2CBD1E9472A0E70768A8B4A5D2C12B3D83934F22EBDC9392D9023DCB44D2322ADA9EDBE2EB0E2C01B5742D2A83FA57CA23054080909EC6EB7CF3CA
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):64792
                                                                    Entropy (8bit):6.223467179037751
                                                                    Encrypted:false
                                                                    SSDEEP:1536:/smKJPganCspF1dqZAC2QjP2RILOIld7SyEPxDF:/smKpgNoF1dqZDnjP2RILOIv2xB
                                                                    MD5:D4674750C732F0DB4C4DD6A83A9124FE
                                                                    SHA1:FD8D76817ABC847BB8359A7C268ACADA9D26BFD5
                                                                    SHA-256:CAA4D2F8795E9A55E128409CC016E2CC5C694CB026D7058FC561E4DD131ED1C9
                                                                    SHA-512:97D57CFB80DD9DD822F2F30F836E13A52F771EE8485BC0FD29236882970F6BFBDFAAC3F2E333BBA5C25C20255E8C0F5AD82D8BC8A6B6E2F7A07EA94A9149C81E
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):158488
                                                                    Entropy (8bit):6.8491143497239655
                                                                    Encrypted:false
                                                                    SSDEEP:3072:j0k3SXjD9aWpAn3rb7SbuDlvNgS4fWqEznfo9mNoFTSlXZ8Ax5ILZ1GIxq:j0kiXjD9v8X7Euk4wYOFTafxn
                                                                    MD5:7447EFD8D71E8A1929BE0FAC722B42DC
                                                                    SHA1:6080C1B84C2DCBF03DCC2D95306615FF5FCE49A6
                                                                    SHA-256:60793C8592193CFBD00FD3E5263BE4315D650BA4F9E4FDA9C45A10642FD998BE
                                                                    SHA-512:C6295D45ED6C4F7534C1A38D47DDC55FEA8B9F62BBDC0743E4D22E8AD0484984F8AB077B73E683D0A92D11BF6588A1AE395456CFA57DA94BB2A6C4A1B07984DE
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):79128
                                                                    Entropy (8bit):6.284790077237953
                                                                    Encrypted:false
                                                                    SSDEEP:1536:ZmtvsXhgzrojAs9/s+S+pGLypbyxk/DDTBVILLwX7SyiPx9:c56OzyAs9/sT+pGLypb+k/XFVILLwX4f
                                                                    MD5:819166054FEC07EFCD1062F13C2147EE
                                                                    SHA1:93868EBCD6E013FDA9CD96D8065A1D70A66A2A26
                                                                    SHA-256:E6DEB751039CD5424A139708475CE83F9C042D43E650765A716CB4A924B07E4F
                                                                    SHA-512:DA3A440C94CB99B8AF7D2BC8F8F0631AE9C112BD04BADF200EDBF7EA0C48D012843B4A9FB9F1E6D3A9674FD3D4EB6F0FA78FD1121FAD1F01F3B981028538B666
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):160536
                                                                    Entropy (8bit):6.027748879187965
                                                                    Encrypted:false
                                                                    SSDEEP:3072:OwYiZ+PtocHnVXhLlasuvMETxoEBA+nbUtGnBSonJCNI5ILC7Gax1:FYk+PtocHVxx/uvPCEwhGJ
                                                                    MD5:7910FB2AF40E81BEE211182CFFEC0A06
                                                                    SHA1:251482ED44840B3C75426DD8E3280059D2CA06C6
                                                                    SHA-256:D2A7999E234E33828888AD455BAA6AB101D90323579ABC1095B8C42F0F723B6F
                                                                    SHA-512:BFE6506FEB27A592FE9CF1DB7D567D0D07F148EF1A2C969F1E4F7F29740C6BB8CCF946131E65FE5AA8EDE371686C272B0860BD4C0C223195AAA1A44F59301B27
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                    Category:dropped
                                                                    Size (bytes):1066352
                                                                    Entropy (8bit):5.671261187425041
                                                                    Encrypted:false
                                                                    SSDEEP:12288:cgYJu4KXWyBC6S4IE/8A4a2YW63dOVwx/fpEWer/3u+E0SLMNA:cgYJiVB+La2VlVwx/fpEWe7u+E/MNA
                                                                    MD5:09A3FF9CE0B161D6C00993BBBECC5CDA
                                                                    SHA1:F268EAF07FDDF61CA6F2864A8EB5C2F4AEEB3799
                                                                    SHA-256:10A109D61278F442E1B9CB4482275D651F66A6077C9BA6C0285D08BD942582A9
                                                                    SHA-512:4D615FF20431DBD3261AF9ECC1A18329665CA8ACD3A15F89392AA81795E3A2E54BEBD7ECAB42A039547EC0DC8706EF4C512FEA98299488FE810108307BE2AE9F
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):3450648
                                                                    Entropy (8bit):6.098075450035195
                                                                    Encrypted:false
                                                                    SSDEEP:98304:YP+uemAdn67xfxw6rKsK1CPwDv3uFfJz1CmiX:OZemAYxfxw6HK1CPwDv3uFfJzUmA
                                                                    MD5:9D7A0C99256C50AFD5B0560BA2548930
                                                                    SHA1:76BD9F13597A46F5283AA35C30B53C21976D0824
                                                                    SHA-256:9B7B4A0AD212095A8C2E35C71694D8A1764CD72A829E8E17C8AFE3A55F147939
                                                                    SHA-512:CB39AA99B9D98C735FDACF1C5ED68A4D09D11F30262B91F6AA48C3F8520EFF95E499400D0CE7E280CA7A90FF6D7141D2D893EF0B33A8803A1CADB28BA9A9E3E2
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):704792
                                                                    Entropy (8bit):5.5573527806738126
                                                                    Encrypted:false
                                                                    SSDEEP:12288:WhO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0TGqwfU2lvz2:2is/POtrzbLp5dQ0TGqcU2lvz2
                                                                    MD5:BEC0F86F9DA765E2A02C9237259A7898
                                                                    SHA1:3CAA604C3FFF88E71F489977E4293A488FB5671C
                                                                    SHA-256:D74CE01319AE6F54483A19375524AA39D9F5FD91F06CF7DF238CA25E043130FD
                                                                    SHA-512:FFBC4E5FFDB49704E7AA6D74533E5AF76BBE5DB297713D8E59BD296143FE5F145FBB616B343EED3C48ECEACCCCC2431630470D8975A4A17C37EAFCC12EDD19F4
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):4458776
                                                                    Entropy (8bit):6.460390021076921
                                                                    Encrypted:false
                                                                    SSDEEP:49152:myrXfGIy+Bqk5c5Ad2nwZT3Q6wsV136cR2DZvbK30xLNZcAgVBvcpYcvl1IDWbH3:Uw5tVBlicWdvoDkHUMF7Ph/qe
                                                                    MD5:63A1FA9259A35EAEAC04174CECB90048
                                                                    SHA1:0DC0C91BCD6F69B80DCDD7E4020365DD7853885A
                                                                    SHA-256:14B06796F288BC6599E458FB23A944AB0C843E9868058F02A91D4606533505ED
                                                                    SHA-512:896CAA053F48B1E4102E0F41A7D13D932A746EEA69A894AE564EF5A84EF50890514DECA6496E915AAE40A500955220DBC1B1016FE0B8BCDDE0AD81B2917DEA8B
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):29976
                                                                    Entropy (8bit):6.627859470728624
                                                                    Encrypted:false
                                                                    SSDEEP:768:gUC2hwhVHqOmEVILQG35YiSyvrYPxWEl6:FC2ehVKOmEVILQGp7SyEPxe
                                                                    MD5:A653F35D05D2F6DEBC5D34DADDD3DFA1
                                                                    SHA1:1A2CEEC28EA44388F412420425665C3781AF2435
                                                                    SHA-256:DB85F2F94D4994283E1055057372594538AE11020389D966E45607413851D9E9
                                                                    SHA-512:5AEDE99C3BE25B1A962261B183AE7A7FB92CB0CB866065DC9CD7BB5FF6F41CC8813D2CC9DE54670A27B3AD07A33B833EAA95A5B46DAD7763CA97DFA0C1CE54C9
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1123608
                                                                    Entropy (8bit):5.3853088605790385
                                                                    Encrypted:false
                                                                    SSDEEP:12288:6mwlRMmuZ63NTQCb5Pfhnzr0ql8L8kcM7IRG5eeme6VZyrIBHdQLhfFE+uQfk:ulRuUZV0m8UMMREtV6Vo4uYQfk
                                                                    MD5:81D62AD36CBDDB4E57A91018F3C0816E
                                                                    SHA1:FE4A4FC35DF240B50DB22B35824E4826059A807B
                                                                    SHA-256:1FB2D66C056F69E8BBDD8C6C910E72697874DAE680264F8FB4B4DF19AF98AA2E
                                                                    SHA-512:7D15D741378E671591356DFAAD4E1E03D3F5456CBDF87579B61D02A4A52AB9B6ECBFFAD3274CEDE8C876EA19EAEB8BA4372AD5986744D430A29F50B9CAFFB75D
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\PumpBot.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):77
                                                                    Entropy (8bit):4.499329235946603
                                                                    Encrypted:false
                                                                    SSDEEP:3:vkeF4IABFReNmI4FnjG7QUAuF5QEyn:tKMmI41G763
                                                                    MD5:52628A56C7D1B2860954588F73617CC1
                                                                    SHA1:94C0FB15145C69BE6193D90CE83D4D2E0EE23486
                                                                    SHA-256:6BBCA8AD9E0BE5142D8D9065B6458E6BDE878F43E59DADB277AF2252A551432F
                                                                    SHA-512:2ADE96298BA7F98774C7D0E594D52E7E5B9195326577BB76B7E1B39C0003F4D67E88CAEA935F80317CEBA8D5A33E059C13AA8F39A0069DC1B96AB48FA1BE6810
                                                                    Malicious:false
                                                                    Preview:[5724] Failed to execute script 'AiBotPortable' due to unhandled exception!..
                                                                    File type:PE32+ executable (console) x86-64, for MS Windows
                                                                    Entropy (8bit):7.979158530118126
                                                                    TrID:
                                                                    • Win64 Executable Console (202006/5) 92.65%
                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:PumpBot.exe
                                                                    File size:5'957'263 bytes
                                                                    MD5:6a0748cef7672d8c10da160a9f9d3e7c
                                                                    SHA1:41e707866b91bf5509091b0949fccaa8cbe73908
                                                                    SHA256:b8cf4fc945a0c0401f6931467f4ddf2f58a017e932a87b3ddaa0bb925ef78231
                                                                    SHA512:8a48662feba2df3c426dcd086a5401d3344334098cfc002bf3c63b8920e5af05d1780da470fe672395b5acc60bb41a5a86e40b746f1ddd867010e1aa2255da61
                                                                    SSDEEP:98304:uJIfoZMD/x/0feyGutbQ940BDlgwdnpka9R/k9t+2MGt+NqkBUAcILzE:uJPuDfyGuwBdnpkYRM6IkO2L
                                                                    TLSH:AE56239472900CD4D8B2E23FB9C39616E5FE74124385DA83537887662E13BB4BE7A743
                                                                    Icon Hash:2b6de5e46c5d5b5b
                                                                    Entrypoint:0x14000a6a0
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x140000000
                                                                    Subsystem:windows cui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x66E87CD8 [Mon Sep 16 18:45:44 2024 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:5
                                                                    OS Version Minor:2
                                                                    File Version Major:5
                                                                    File Version Minor:2
                                                                    Subsystem Version Major:5
                                                                    Subsystem Version Minor:2
                                                                    Import Hash:ba5546933531fafa869b1f86a4e2a959
                                                                    Instruction
                                                                    dec eax
                                                                    sub esp, 28h
                                                                    call 00007F9BCCEB424Ch
                                                                    dec eax
                                                                    add esp, 28h
                                                                    jmp 00007F9BCCEB3E4Fh
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    dec eax
                                                                    sub esp, 28h
                                                                    call 00007F9BCCEB4794h
                                                                    test eax, eax
                                                                    je 00007F9BCCEB4003h
                                                                    dec eax
                                                                    mov eax, dword ptr [00000030h]
                                                                    dec eax
                                                                    mov ecx, dword ptr [eax+08h]
                                                                    jmp 00007F9BCCEB3FE7h
                                                                    dec eax
                                                                    cmp ecx, eax
                                                                    je 00007F9BCCEB3FF6h
                                                                    xor eax, eax
                                                                    dec eax
                                                                    cmpxchg dword ptr [00041E8Ch], ecx
                                                                    jne 00007F9BCCEB3FD0h
                                                                    xor al, al
                                                                    dec eax
                                                                    add esp, 28h
                                                                    ret
                                                                    mov al, 01h
                                                                    jmp 00007F9BCCEB3FD9h
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    inc eax
                                                                    push ebx
                                                                    dec eax
                                                                    sub esp, 20h
                                                                    movzx eax, byte ptr [00041E77h]
                                                                    test ecx, ecx
                                                                    mov ebx, 00000001h
                                                                    cmove eax, ebx
                                                                    mov byte ptr [00041E67h], al
                                                                    call 00007F9BCCEB4593h
                                                                    call 00007F9BCCEB56C2h
                                                                    test al, al
                                                                    jne 00007F9BCCEB3FE6h
                                                                    xor al, al
                                                                    jmp 00007F9BCCEB3FF6h
                                                                    call 00007F9BCCEC2AA1h
                                                                    test al, al
                                                                    jne 00007F9BCCEB3FEBh
                                                                    xor ecx, ecx
                                                                    call 00007F9BCCEB56D2h
                                                                    jmp 00007F9BCCEB3FCCh
                                                                    mov al, bl
                                                                    dec eax
                                                                    add esp, 20h
                                                                    pop ebx
                                                                    ret
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    inc eax
                                                                    push ebx
                                                                    dec eax
                                                                    sub esp, 20h
                                                                    cmp byte ptr [00041E2Ch], 00000000h
                                                                    mov ebx, ecx
                                                                    jne 00007F9BCCEB4049h
                                                                    cmp ecx, 01h
                                                                    jnbe 00007F9BCCEB404Ch
                                                                    call 00007F9BCCEB46FAh
                                                                    test eax, eax
                                                                    je 00007F9BCCEB400Ah
                                                                     Name | Virtual Address | Virtual Size | Is in Section
                                                                     IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bb94 | 0x3c | .rdata
                                                                     IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x10eb6 | .rsrc
                                                                     IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20e8 | .pdata
                                                                     IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x63000 | 0x75c | .reloc
                                                                     IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39350 | 0x1c | .rdata
                                                                     IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39210 | 0x140 | .rdata
                                                                     IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x350 | .rdata
                                                                     IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                     Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                     .text | 0x1000 | 0x28890 | 0x28a00 | 7c71956ea75242f33df45f4d2c19a4d8 | False | 0.5562019230769231 | zlib compressed data | 6.489977853279916 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                     .rdata | 0x2a000 | 0x1271a | 0x12800 | d7969543917262a5d4ea29600d053f8c | False | 0.5159549197635135 | data | 5.846291126830796 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                     .data | 0x3d000 | 0x103f8 | 0xe00 | 9bd2cebaa3285e8e266c4c373a15119d | False | 0.13337053571428573 | DOS executable (block device driver \377\3) | 1.808915577448681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                     .pdata | 0x4e000 | 0x20e8 | 0x2200 | f2a57235499cb8c84daf2de6f18a85eb | False | 0.4756433823529412 | data | 5.330974160786823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                     _RDATA | 0x51000 | 0x15c | 0x200 | 32c20bb907888de565d4d8836d097016 | False | 0.392578125 | data | 2.795351059303424 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                     .rsrc | 0x52000 | 0x10eb6 | 0x11000 | a1a418bfd2049edd6f6cf58ba898b516 | False | 0.21599264705882354 | data | 3.8280613293862067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                     .reloc | 0x63000 | 0x75c | 0x800 | b7279c82d58eeae8dc663879402c6f2e | False | 0.54296875 | data | 5.238892234772638 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                     Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                     RT_ICON | 0x520e8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 30236 x 30236 px/m | | | 0.20968886785756535
                                                                     RT_GROUP_ICON | 0x62910 | 0x14 | data | | | 1.15
                                                                     RT_MANIFEST | 0x62924 | 0x592 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.4488078541374474
                                                                     DLL | Import
                                                                     KERNEL32.dll | GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, WriteConsoleW, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, FreeLibrary, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, HeapReAlloc, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, SetEndOfFile
                                                                     ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
                                                                    No network behavior found


                                                                    Target ID:0
                                                                    Start time:17:22:59
                                                                    Start date:30/10/2024
                                                                    Path:C:\Users\user\Desktop\PumpBot.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\PumpBot.exe"
                                                                    Imagebase:0x7ff7a0fe0000
                                                                    File size:5'957'263 bytes
                                                                    MD5 hash:6A0748CEF7672D8C10DA160A9F9D3E7C
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:1
                                                                    Start time:17:22:59
                                                                    Start date:30/10/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff66e660000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:3
                                                                    Start time:17:23:00
                                                                    Start date:30/10/2024
                                                                    Path:C:\Users\user\Desktop\PumpBot.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\PumpBot.exe"
                                                                    Imagebase:0x7ff7a0fe0000
                                                                    File size:5'957'263 bytes
                                                                    MD5 hash:6A0748CEF7672D8C10DA160A9F9D3E7C
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low
                                                                    Has exited:true

                                                                      Execution Graph

                                                                      Execution Coverage:11.8%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:16.8%
                                                                      Total number of Nodes:2000
                                                                      Total number of Limit Nodes:66
15456->15459 15457->15250 15458->15455 15458->15459 15768 7ff7a0fe1cb0 15459->15768 15464 7ff7a0ffecc0 15461->15464 15462 7ff7a0ffed13 15463 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15462->15463 15467 7ff7a0ffed3c 15463->15467 15464->15462 15465 7ff7a0ffed66 15464->15465 16118 7ff7a0ffeb98 15465->16118 15467->15252 15469 7ff7a0fe1b05 15468->15469 15470 7ff7a0fe1b20 15469->15470 16126 7ff7a0fe1c10 15469->16126 15470->15321 15472 7ff7a0fe2cd0 15470->15472 16149 7ff7a0fea130 15472->16149 15475 7ff7a0fe2d22 16151 7ff7a0fe6ec0 15475->16151 15476 7ff7a0fe2d0b 15477 7ff7a0fe1cb0 86 API calls 15476->15477 15479 7ff7a0fe2d1e 15477->15479 15482 7ff7a0fea100 _wfindfirst32i64 8 API calls 15479->15482 15481 7ff7a0fe1c50 86 API calls 15481->15479 15483 7ff7a0fe2d5f 15482->15483 15483->15258 15485 7ff7a0fe1b30 49 API calls 15484->15485 15486 7ff7a0fe2c6d 15485->15486 15486->15260 15488 7ff7a0fe5afa 15487->15488 15489 7ff7a0fe6db0 88 API calls 15488->15489 15490 7ff7a0fe5b1c GetEnvironmentVariableW 15489->15490 15491 7ff7a0fe5b34 ExpandEnvironmentStringsW 15490->15491 15492 7ff7a0fe5b86 15490->15492 15493 7ff7a0fe6ec0 88 API calls 15491->15493 15494 7ff7a0fea100 _wfindfirst32i64 8 API calls 15492->15494 15495 7ff7a0fe5b5c 15493->15495 15496 7ff7a0fe5b98 15494->15496 15495->15492 15497 7ff7a0fe5b66 15495->15497 15496->15262 16162 7ff7a0ff926c 15497->16162 15500 7ff7a0fea100 _wfindfirst32i64 8 API calls 15501 7ff7a0fe5b7e 15500->15501 15501->15262 15503 7ff7a0fe6db0 88 API calls 15502->15503 15504 7ff7a0fe6107 SetEnvironmentVariableW 15503->15504 15505 7ff7a0fe611f __std_exception_copy 15504->15505 15505->15266 15507 7ff7a0fe1b30 49 API calls 15506->15507 15508 7ff7a0fe1a00 15507->15508 15509 7ff7a0fe1b30 49 API calls 15508->15509 15515 7ff7a0fe1a7a 15508->15515 15510 7ff7a0fe1a22 15509->15510 15511 7ff7a0fe2c50 49 API calls 15510->15511 15510->15515 15512 7ff7a0fe1a3b 15511->15512 16169 7ff7a0fe17b0 15512->16169 15515->15269 15515->15271 15516 7ff7a0fee60c 74 API calls 
15516->15515 15518 7ff7a0fe6dd1 MultiByteToWideChar 15517->15518 15519 7ff7a0fe6e57 MultiByteToWideChar 15517->15519 15520 7ff7a0fe6e1c 15518->15520 15521 7ff7a0fe6df7 15518->15521 15522 7ff7a0fe6e9f 15519->15522 15523 7ff7a0fe6e7a 15519->15523 15520->15519 15528 7ff7a0fe6e32 15520->15528 15524 7ff7a0fe1cb0 86 API calls 15521->15524 15522->15277 15525 7ff7a0fe1cb0 86 API calls 15523->15525 15526 7ff7a0fe6e0a 15524->15526 15527 7ff7a0fe6e8d 15525->15527 15526->15277 15527->15277 15529 7ff7a0fe1cb0 86 API calls 15528->15529 15530 7ff7a0fe6e45 15529->15530 15530->15277 15532 7ff7a0fe4fb5 15531->15532 15533 7ff7a0fe29e0 15532->15533 15534 7ff7a0fe1c10 86 API calls 15532->15534 15533->15290 15632 7ff7a0fe4c40 15533->15632 15534->15533 15537 7ff7a0fe23e4 15535->15537 15544 7ff7a0fe23a3 15535->15544 15536 7ff7a0fe2423 15539 7ff7a0fea100 _wfindfirst32i64 8 API calls 15536->15539 15537->15536 15538 7ff7a0fe1ab0 74 API calls 15537->15538 15538->15537 15540 7ff7a0fe2435 15539->15540 15540->15321 15545 7ff7a0fe6080 15540->15545 15544->15537 16242 7ff7a0fe1440 15544->16242 16276 7ff7a0fe1dc0 15544->16276 16331 7ff7a0fe1780 15544->16331 15546 7ff7a0fe6db0 88 API calls 15545->15546 15547 7ff7a0fe609f 15546->15547 15548 7ff7a0fe6db0 88 API calls 15547->15548 15549 7ff7a0fe60af 15548->15549 15550 7ff7a0ff6818 38 API calls 15549->15550 15551 7ff7a0fe60bd __std_exception_copy 15550->15551 15551->15312 15553 7ff7a0fe6140 15552->15553 15554 7ff7a0fe6db0 88 API calls 15553->15554 15555 7ff7a0fe6171 SetConsoleCtrlHandler GetStartupInfoW 15554->15555 15556 7ff7a0fe61d2 15555->15556 17185 7ff7a0ff92e4 15556->17185 15600 7ff7a0fe1c6e 15599->15600 15601 7ff7a0fe1b90 78 API calls 15600->15601 15602 7ff7a0fe1c8c 15601->15602 15603 7ff7a0fe1d00 86 API calls 15602->15603 15604 7ff7a0fe1c9b 15603->15604 15604->15321 15606 7ff7a0fe2dec 15605->15606 15607 7ff7a0fe6db0 88 API calls 15606->15607 15608 7ff7a0fe2e17 15607->15608 15609 7ff7a0fe6db0 88 API calls 15608->15609 15610 7ff7a0fe2e2a 
15609->15610 17241 7ff7a0ff5538 15610->17241 15613 7ff7a0fea100 _wfindfirst32i64 8 API calls 15614 7ff7a0fe290a 15613->15614 15614->15289 15615 7ff7a0fe6360 15614->15615 15616 7ff7a0fe6384 15615->15616 15617 7ff7a0feec94 73 API calls 15616->15617 15620 7ff7a0fe645b __std_exception_copy 15616->15620 15618 7ff7a0fe639e 15617->15618 15618->15620 17620 7ff7a0ff7a9c 15618->17620 15620->15293 15621 7ff7a0feec94 73 API calls 15623 7ff7a0fe63b3 15621->15623 15622 7ff7a0fee95c _fread_nolock 53 API calls 15622->15623 15623->15620 15623->15621 15623->15622 15625 7ff7a0fee63c 15624->15625 17635 7ff7a0fee3e8 15625->17635 15627 7ff7a0fee655 15627->15289 15629 7ff7a0fe24b7 15628->15629 15630 7ff7a0fe24e0 15628->15630 15629->15630 15631 7ff7a0fe1780 86 API calls 15629->15631 15630->15272 15631->15629 15633 7ff7a0fe4c64 15632->15633 15638 7ff7a0fe4c91 15632->15638 15634 7ff7a0fe4c8c 15633->15634 15635 7ff7a0fe4c87 __std_exception_copy memcpy_s 15633->15635 15636 7ff7a0fe1780 86 API calls 15633->15636 15633->15638 17646 7ff7a0fe12b0 15634->17646 15635->15295 15636->15633 15638->15635 17672 7ff7a0fe2e60 15638->17672 15640 7ff7a0fe4cf7 15640->15635 15641 7ff7a0fe1c50 86 API calls 15640->15641 15641->15635 15643 7ff7a0fe47ba memcpy_s 15642->15643 15644 7ff7a0fe48df 15643->15644 15647 7ff7a0fe48fb 15643->15647 15650 7ff7a0fe2e60 49 API calls 15643->15650 15651 7ff7a0fe48c0 15643->15651 15659 7ff7a0fe1440 158 API calls 15643->15659 15660 7ff7a0fe48e1 15643->15660 17675 7ff7a0fe1650 15643->17675 15646 7ff7a0fe2e60 49 API calls 15644->15646 15648 7ff7a0fe4958 15646->15648 15649 7ff7a0fe1c50 86 API calls 15647->15649 15652 7ff7a0fe2e60 49 API calls 15648->15652 15655 7ff7a0fe48f1 __std_exception_copy 15649->15655 15650->15643 15651->15644 15653 7ff7a0fe2e60 49 API calls 15651->15653 15654 7ff7a0fe4988 15652->15654 15653->15644 15658 7ff7a0fe2e60 49 API calls 15654->15658 15656 7ff7a0fea100 _wfindfirst32i64 8 API calls 15655->15656 15657 7ff7a0fe2a09 15656->15657 15657->15303 15657->15304 
15658->15655 15659->15643 15661 7ff7a0fe1c50 86 API calls 15660->15661 15661->15655 17680 7ff7a0fe6310 15662->17680 15664 7ff7a0fe4742 15665 7ff7a0fe6310 89 API calls 15664->15665 15666 7ff7a0fe4755 15665->15666 15667 7ff7a0fe477a 15666->15667 15668 7ff7a0fe476d GetProcAddress 15666->15668 15669 7ff7a0fe1c50 86 API calls 15667->15669 15672 7ff7a0fe50fc GetProcAddress 15668->15672 15673 7ff7a0fe50d9 15668->15673 15671 7ff7a0fe4786 15669->15671 15671->15311 15672->15673 15674 7ff7a0fe5121 GetProcAddress 15672->15674 15676 7ff7a0fe1cb0 86 API calls 15673->15676 15674->15673 15675 7ff7a0fe5146 GetProcAddress 15674->15675 15675->15673 15677 7ff7a0fe516e GetProcAddress 15675->15677 15678 7ff7a0fe50ec 15676->15678 15677->15673 15679 7ff7a0fe5196 GetProcAddress 15677->15679 15678->15311 15679->15673 15737 7ff7a0fe1b55 15736->15737 15738 7ff7a0ff3c80 49 API calls 15737->15738 15739 7ff7a0fe1b78 15738->15739 15739->15310 17684 7ff7a0fe3ac0 15740->17684 15743 7ff7a0fe231d 15743->15317 15745 7ff7a0fe22f4 15745->15743 17740 7ff7a0fe3840 15745->17740 15775 7ff7a0fe1d00 15768->15775 15776 7ff7a0fe1d10 15775->15776 15800 7ff7a0ff3c80 15776->15800 15780 7ff7a0fe1d70 15833 7ff7a0fe1b90 15780->15833 15783 7ff7a0fea100 _wfindfirst32i64 8 API calls 15784 7ff7a0fe1cd7 GetLastError 15783->15784 15785 7ff7a0fe6670 15784->15785 15786 7ff7a0fe667c 15785->15786 15787 7ff7a0fe669d FormatMessageW 15786->15787 15788 7ff7a0fe6697 GetLastError 15786->15788 15789 7ff7a0fe66d0 15787->15789 15790 7ff7a0fe66ec WideCharToMultiByte 15787->15790 15788->15787 15793 7ff7a0fe1cb0 83 API calls 15789->15793 15791 7ff7a0fe6726 15790->15791 15792 7ff7a0fe66e3 15790->15792 15794 7ff7a0fe1cb0 83 API calls 15791->15794 15795 7ff7a0fea100 _wfindfirst32i64 8 API calls 15792->15795 15793->15792 15794->15792 15796 7ff7a0fe1ce4 15795->15796 15797 7ff7a0fe1be0 15796->15797 15798 7ff7a0fe1d00 86 API calls 15797->15798 15799 7ff7a0fe1c02 15798->15799 15799->15457 15803 7ff7a0ff3cda 15800->15803 15801 7ff7a0ff3cff 15802 
7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15801->15802 15806 7ff7a0ff3d29 15802->15806 15803->15801 15804 7ff7a0ff3d3b 15803->15804 15837 7ff7a0ff16c4 15804->15837 15808 7ff7a0fea100 _wfindfirst32i64 8 API calls 15806->15808 15807 7ff7a0ff3e18 15809 7ff7a0ff9f78 __free_lconv_num 11 API calls 15807->15809 15811 7ff7a0fe1d58 15808->15811 15809->15806 15818 7ff7a0fe6bf0 MultiByteToWideChar 15811->15818 15812 7ff7a0ff3ded 15815 7ff7a0ff9f78 __free_lconv_num 11 API calls 15812->15815 15813 7ff7a0ff3e3c 15813->15807 15814 7ff7a0ff3e46 15813->15814 15817 7ff7a0ff9f78 __free_lconv_num 11 API calls 15814->15817 15815->15806 15816 7ff7a0ff3de4 15816->15807 15816->15812 15817->15806 15819 7ff7a0fe6c53 15818->15819 15820 7ff7a0fe6c39 15818->15820 15822 7ff7a0fe6c83 MultiByteToWideChar 15819->15822 15823 7ff7a0fe6c69 15819->15823 15821 7ff7a0fe1cb0 82 API calls 15820->15821 15832 7ff7a0fe6c4c __std_exception_copy 15821->15832 15825 7ff7a0fe6ca6 15822->15825 15826 7ff7a0fe6cc0 WideCharToMultiByte 15822->15826 15824 7ff7a0fe1cb0 82 API calls 15823->15824 15824->15832 15827 7ff7a0fe1cb0 82 API calls 15825->15827 15828 7ff7a0fe6cf6 15826->15828 15830 7ff7a0fe6ced 15826->15830 15827->15832 15829 7ff7a0fe6d1b WideCharToMultiByte 15828->15829 15828->15830 15829->15830 15829->15832 15831 7ff7a0fe1cb0 82 API calls 15830->15831 15831->15832 15832->15780 15834 7ff7a0fe1bb6 15833->15834 16103 7ff7a0ff3b5c 15834->16103 15836 7ff7a0fe1bcc 15836->15783 15838 7ff7a0ff1702 15837->15838 15843 7ff7a0ff16f2 15837->15843 15839 7ff7a0ff170b 15838->15839 15847 7ff7a0ff1739 15838->15847 15842 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15839->15842 15840 7ff7a0ff1731 15840->15807 15840->15812 15840->15813 15840->15816 15841 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15841->15840 15842->15840 15843->15841 15846 7ff7a0ff19e8 15849 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15846->15849 15847->15840 15847->15843 15847->15846 15851 7ff7a0ff2614 15847->15851 15877 
7ff7a0ff1ea4 15847->15877 15907 7ff7a0ff120c 15847->15907 15910 7ff7a0ff3830 15847->15910 15849->15843 15852 7ff7a0ff2656 15851->15852 15853 7ff7a0ff26c9 15851->15853 15854 7ff7a0ff26f3 15852->15854 15855 7ff7a0ff265c 15852->15855 15856 7ff7a0ff2723 15853->15856 15857 7ff7a0ff26ce 15853->15857 15934 7ff7a0ff0150 15854->15934 15858 7ff7a0ff2661 15855->15858 15861 7ff7a0ff2732 15855->15861 15856->15854 15856->15861 15875 7ff7a0ff268c 15856->15875 15859 7ff7a0ff2703 15857->15859 15860 7ff7a0ff26d0 15857->15860 15866 7ff7a0ff2671 15858->15866 15867 7ff7a0ff26a4 15858->15867 15858->15875 15941 7ff7a0fefd40 15859->15941 15860->15866 15868 7ff7a0ff26df 15860->15868 15876 7ff7a0ff2761 15861->15876 15948 7ff7a0ff0560 15861->15948 15866->15876 15916 7ff7a0ff2f78 15866->15916 15867->15876 15926 7ff7a0ff3434 15867->15926 15868->15854 15869 7ff7a0ff26e4 15868->15869 15869->15876 15930 7ff7a0ff35cc 15869->15930 15871 7ff7a0fea100 _wfindfirst32i64 8 API calls 15873 7ff7a0ff29f7 15871->15873 15873->15847 15875->15876 15955 7ff7a0ffdb60 15875->15955 15876->15871 15878 7ff7a0ff1ec5 15877->15878 15879 7ff7a0ff1eaf 15877->15879 15880 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15878->15880 15881 7ff7a0ff1f03 15878->15881 15879->15881 15882 7ff7a0ff2656 15879->15882 15883 7ff7a0ff26c9 15879->15883 15880->15881 15881->15847 15884 7ff7a0ff26f3 15882->15884 15885 7ff7a0ff265c 15882->15885 15886 7ff7a0ff2723 15883->15886 15887 7ff7a0ff26ce 15883->15887 15890 7ff7a0ff0150 38 API calls 15884->15890 15894 7ff7a0ff2661 15885->15894 15898 7ff7a0ff2732 15885->15898 15886->15884 15886->15898 15906 7ff7a0ff268c 15886->15906 15888 7ff7a0ff2703 15887->15888 15889 7ff7a0ff26d0 15887->15889 15892 7ff7a0fefd40 38 API calls 15888->15892 15891 7ff7a0ff2671 15889->15891 15896 7ff7a0ff26df 15889->15896 15890->15906 15893 7ff7a0ff2f78 47 API calls 15891->15893 15904 7ff7a0ff2761 15891->15904 15892->15906 15893->15906 15894->15891 15897 7ff7a0ff26a4 15894->15897 15894->15906 15895 7ff7a0ff0560 38 API 
calls 15895->15906 15896->15884 15899 7ff7a0ff26e4 15896->15899 15900 7ff7a0ff3434 47 API calls 15897->15900 15897->15904 15898->15895 15898->15904 15902 7ff7a0ff35cc 37 API calls 15899->15902 15899->15904 15900->15906 15901 7ff7a0fea100 _wfindfirst32i64 8 API calls 15903 7ff7a0ff29f7 15901->15903 15902->15906 15903->15847 15904->15901 15905 7ff7a0ffdb60 47 API calls 15905->15906 15906->15904 15906->15905 16040 7ff7a0fef314 15907->16040 15911 7ff7a0ff3847 15910->15911 16057 7ff7a0ffccc0 15911->16057 15917 7ff7a0ff2f9a 15916->15917 15965 7ff7a0fef180 15917->15965 15922 7ff7a0ff3830 45 API calls 15924 7ff7a0ff30d7 15922->15924 15923 7ff7a0ff3830 45 API calls 15925 7ff7a0ff3160 15923->15925 15924->15923 15924->15924 15924->15925 15925->15875 15927 7ff7a0ff344c 15926->15927 15929 7ff7a0ff34b4 15926->15929 15928 7ff7a0ffdb60 47 API calls 15927->15928 15927->15929 15928->15929 15929->15875 15931 7ff7a0ff35ed 15930->15931 15932 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15931->15932 15933 7ff7a0ff361e 15931->15933 15932->15933 15933->15875 15935 7ff7a0ff0183 15934->15935 15936 7ff7a0ff01b2 15935->15936 15938 7ff7a0ff026f 15935->15938 15937 7ff7a0fef180 12 API calls 15936->15937 15940 7ff7a0ff01ef 15936->15940 15937->15940 15939 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15938->15939 15939->15940 15940->15875 15942 7ff7a0fefd73 15941->15942 15943 7ff7a0fefda2 15942->15943 15945 7ff7a0fefe5f 15942->15945 15944 7ff7a0fef180 12 API calls 15943->15944 15947 7ff7a0fefddf 15943->15947 15944->15947 15946 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15945->15946 15946->15947 15947->15875 15949 7ff7a0ff0593 15948->15949 15950 7ff7a0ff05c2 15949->15950 15952 7ff7a0ff067f 15949->15952 15951 7ff7a0fef180 12 API calls 15950->15951 15953 7ff7a0ff05ff 15950->15953 15951->15953 15954 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15952->15954 15953->15875 15954->15953 15956 7ff7a0ffdb88 15955->15956 15957 7ff7a0ffdbcd 15956->15957 15958 7ff7a0ff3830 45 API 
calls 15956->15958 15959 7ff7a0ffdb8d memcpy_s 15956->15959 15961 7ff7a0ffdbb6 memcpy_s 15956->15961 15957->15959 15957->15961 16037 7ff7a0fff138 15957->16037 15958->15957 15959->15875 15960 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15960->15959 15961->15959 15961->15960 15966 7ff7a0fef1b7 15965->15966 15971 7ff7a0fef1a6 15965->15971 15967 7ff7a0ffcc2c _fread_nolock 12 API calls 15966->15967 15966->15971 15968 7ff7a0fef1e4 15967->15968 15970 7ff7a0ff9f78 __free_lconv_num 11 API calls 15968->15970 15972 7ff7a0fef1f8 15968->15972 15969 7ff7a0ff9f78 __free_lconv_num 11 API calls 15969->15971 15970->15972 15973 7ff7a0ffd878 15971->15973 15972->15969 15974 7ff7a0ffd895 15973->15974 15975 7ff7a0ffd8c8 15973->15975 15976 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 15974->15976 15975->15974 15978 7ff7a0ffd8fa 15975->15978 15985 7ff7a0ff30b5 15976->15985 15977 7ff7a0ffda0d 15979 7ff7a0ffdaff 15977->15979 15981 7ff7a0ffdac5 15977->15981 15983 7ff7a0ffda94 15977->15983 15984 7ff7a0ffda57 15977->15984 15987 7ff7a0ffda4d 15977->15987 15978->15977 15990 7ff7a0ffd942 15978->15990 16028 7ff7a0ffcd64 15979->16028 16021 7ff7a0ffd0fc 15981->16021 16014 7ff7a0ffd3dc 15983->16014 16004 7ff7a0ffd60c 15984->16004 15985->15922 15985->15924 15987->15981 15989 7ff7a0ffda52 15987->15989 15989->15983 15989->15984 15990->15985 15995 7ff7a0ff930c 15990->15995 15993 7ff7a0ff9f30 _wfindfirst32i64 17 API calls 15994 7ff7a0ffdb5c 15993->15994 15996 7ff7a0ff9323 15995->15996 15997 7ff7a0ff9319 15995->15997 15998 7ff7a0ff6088 _get_daylight 11 API calls 15996->15998 15997->15996 16002 7ff7a0ff933e 15997->16002 15999 7ff7a0ff932a 15998->15999 16000 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 15999->16000 16001 7ff7a0ff9336 16000->16001 16001->15985 16001->15993 16002->16001 16003 7ff7a0ff6088 _get_daylight 11 API calls 16002->16003 16003->15999 16005 7ff7a100324c 38 API calls 16004->16005 16006 7ff7a0ffd659 16005->16006 16007 7ff7a1002c94 37 API calls 16006->16007 16008 
7ff7a0ffd6b4 16007->16008 16009 7ff7a0ffd709 16008->16009 16011 7ff7a0ffd6d4 16008->16011 16013 7ff7a0ffd6b8 16008->16013 16010 7ff7a0ffd1f8 45 API calls 16009->16010 16010->16013 16012 7ff7a0ffd4b4 45 API calls 16011->16012 16012->16013 16013->15985 16015 7ff7a100324c 38 API calls 16014->16015 16016 7ff7a0ffd426 16015->16016 16017 7ff7a1002c94 37 API calls 16016->16017 16018 7ff7a0ffd476 16017->16018 16019 7ff7a0ffd47a 16018->16019 16020 7ff7a0ffd4b4 45 API calls 16018->16020 16019->15985 16020->16019 16022 7ff7a100324c 38 API calls 16021->16022 16023 7ff7a0ffd147 16022->16023 16024 7ff7a1002c94 37 API calls 16023->16024 16025 7ff7a0ffd19f 16024->16025 16026 7ff7a0ffd1a3 16025->16026 16027 7ff7a0ffd1f8 45 API calls 16025->16027 16026->15985 16027->16026 16029 7ff7a0ffcddc 16028->16029 16030 7ff7a0ffcda9 16028->16030 16032 7ff7a0ffcdf4 16029->16032 16034 7ff7a0ffce75 16029->16034 16031 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 16030->16031 16036 7ff7a0ffcdd5 memcpy_s 16031->16036 16033 7ff7a0ffd0fc 46 API calls 16032->16033 16033->16036 16035 7ff7a0ff3830 45 API calls 16034->16035 16034->16036 16035->16036 16036->15985 16039 7ff7a0fff15c WideCharToMultiByte 16037->16039 16041 7ff7a0fef353 16040->16041 16042 7ff7a0fef341 16040->16042 16044 7ff7a0fef39d 16041->16044 16046 7ff7a0fef360 16041->16046 16043 7ff7a0ff6088 _get_daylight 11 API calls 16042->16043 16045 7ff7a0fef346 16043->16045 16049 7ff7a0fef446 16044->16049 16050 7ff7a0ff6088 _get_daylight 11 API calls 16044->16050 16047 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 16045->16047 16048 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 16046->16048 16054 7ff7a0fef351 16047->16054 16048->16054 16051 7ff7a0ff6088 _get_daylight 11 API calls 16049->16051 16049->16054 16052 7ff7a0fef43b 16050->16052 16053 7ff7a0fef4f0 16051->16053 16055 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 16052->16055 16056 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 16053->16056 16054->15847 16055->16049 
16056->16054 16058 7ff7a0ffccd9 16057->16058 16060 7ff7a0ff386f 16057->16060 16058->16060 16065 7ff7a10024a4 16058->16065 16061 7ff7a0ffcd2c 16060->16061 16062 7ff7a0ffcd45 16061->16062 16063 7ff7a0ff387f 16061->16063 16062->16063 16100 7ff7a1001810 16062->16100 16063->15847 16077 7ff7a0ffa780 GetLastError 16065->16077 16068 7ff7a10024fe 16068->16060 16078 7ff7a0ffa7a4 FlsGetValue 16077->16078 16079 7ff7a0ffa7c1 FlsSetValue 16077->16079 16080 7ff7a0ffa7b1 16078->16080 16081 7ff7a0ffa7bb 16078->16081 16079->16080 16082 7ff7a0ffa7d3 16079->16082 16083 7ff7a0ffa82d SetLastError 16080->16083 16081->16079 16084 7ff7a0ffdeb8 _get_daylight 11 API calls 16082->16084 16085 7ff7a0ffa84d 16083->16085 16086 7ff7a0ffa83a 16083->16086 16087 7ff7a0ffa7e2 16084->16087 16088 7ff7a0ff936c _CallSETranslator 38 API calls 16085->16088 16086->16068 16099 7ff7a0fff808 EnterCriticalSection 16086->16099 16089 7ff7a0ffa800 FlsSetValue 16087->16089 16090 7ff7a0ffa7f0 FlsSetValue 16087->16090 16093 7ff7a0ffa852 16088->16093 16091 7ff7a0ffa81e 16089->16091 16092 7ff7a0ffa80c FlsSetValue 16089->16092 16094 7ff7a0ffa7f9 16090->16094 16095 7ff7a0ffa524 _get_daylight 11 API calls 16091->16095 16092->16094 16096 7ff7a0ff9f78 __free_lconv_num 11 API calls 16094->16096 16097 7ff7a0ffa826 16095->16097 16096->16080 16098 7ff7a0ff9f78 __free_lconv_num 11 API calls 16097->16098 16098->16083 16101 7ff7a0ffa780 _CallSETranslator 45 API calls 16100->16101 16102 7ff7a1001819 16101->16102 16105 7ff7a0ff3b86 16103->16105 16104 7ff7a0ff3bbe 16106 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 16104->16106 16105->16104 16107 7ff7a0ff3bf1 16105->16107 16109 7ff7a0ff3be7 16106->16109 16110 7ff7a0fef140 16107->16110 16109->15836 16117 7ff7a0ff438c EnterCriticalSection 16110->16117 16125 7ff7a0ff438c EnterCriticalSection 16118->16125 16127 7ff7a0fe1d00 86 API calls 16126->16127 16128 7ff7a0fe1c37 16127->16128 16131 7ff7a0ff44e0 16128->16131 16132 7ff7a0ff450b 16131->16132 16135 7ff7a0ff43a4 16132->16135 16148 
7ff7a0ff6d50 EnterCriticalSection 16135->16148 16150 7ff7a0fe2cdc GetModuleFileNameW 16149->16150 16150->15475 16150->15476 16152 7ff7a0fe6ee4 WideCharToMultiByte 16151->16152 16153 7ff7a0fe6f52 WideCharToMultiByte 16151->16153 16156 7ff7a0fe6f25 16152->16156 16157 7ff7a0fe6f0e 16152->16157 16154 7ff7a0fe2d35 16153->16154 16155 7ff7a0fe6f7f 16153->16155 16154->15479 16154->15481 16159 7ff7a0fe1cb0 86 API calls 16155->16159 16156->16153 16160 7ff7a0fe6f3b 16156->16160 16158 7ff7a0fe1cb0 86 API calls 16157->16158 16158->16154 16159->16154 16161 7ff7a0fe1cb0 86 API calls 16160->16161 16161->16154 16163 7ff7a0fe5b6e 16162->16163 16164 7ff7a0ff9283 16162->16164 16163->15500 16164->16163 16165 7ff7a0ff930c __std_exception_copy 37 API calls 16164->16165 16166 7ff7a0ff92b0 16165->16166 16166->16163 16167 7ff7a0ff9f30 _wfindfirst32i64 17 API calls 16166->16167 16168 7ff7a0ff92e0 16167->16168 16170 7ff7a0fe17d4 16169->16170 16171 7ff7a0fe17e4 16169->16171 16172 7ff7a0fe2de0 120 API calls 16170->16172 16173 7ff7a0fe6360 83 API calls 16171->16173 16202 7ff7a0fe1842 16171->16202 16172->16171 16174 7ff7a0fe1815 16173->16174 16174->16202 16203 7ff7a0feec94 16174->16203 16176 7ff7a0fea100 _wfindfirst32i64 8 API calls 16178 7ff7a0fe19c0 16176->16178 16177 7ff7a0fe182b 16179 7ff7a0fe182f 16177->16179 16180 7ff7a0fe184c 16177->16180 16178->15515 16178->15516 16181 7ff7a0fe1c10 86 API calls 16179->16181 16207 7ff7a0fee95c 16180->16207 16181->16202 16184 7ff7a0fe1867 16186 7ff7a0fe1c10 86 API calls 16184->16186 16185 7ff7a0feec94 73 API calls 16187 7ff7a0fe18d1 16185->16187 16186->16202 16188 7ff7a0fe18e3 16187->16188 16189 7ff7a0fe18fe 16187->16189 16191 7ff7a0fe1c10 86 API calls 16188->16191 16190 7ff7a0fee95c _fread_nolock 53 API calls 16189->16190 16192 7ff7a0fe1913 16190->16192 16191->16202 16192->16184 16193 7ff7a0fe1925 16192->16193 16210 7ff7a0fee6d0 16193->16210 16196 7ff7a0fe193d 16197 7ff7a0fe1c50 86 API calls 16196->16197 16197->16202 16198 7ff7a0fe1993 16199 7ff7a0fee60c 
74 API calls 16198->16199 16198->16202 16199->16202 16200 7ff7a0fe1950 16200->16198 16201 7ff7a0fe1c50 86 API calls 16200->16201 16201->16198 16202->16176 16204 7ff7a0feecc4 16203->16204 16216 7ff7a0feea24 16204->16216 16206 7ff7a0feecdd 16206->16177 16228 7ff7a0fee97c 16207->16228 16211 7ff7a0fee6d9 16210->16211 16215 7ff7a0fe1939 16210->16215 16212 7ff7a0ff6088 _get_daylight 11 API calls 16211->16212 16213 7ff7a0fee6de 16212->16213 16214 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 16213->16214 16214->16215 16215->16196 16215->16200 16217 7ff7a0feea8e 16216->16217 16218 7ff7a0feea4e 16216->16218 16217->16218 16220 7ff7a0feea9a 16217->16220 16219 7ff7a0ff9e44 _invalid_parameter_noinfo 37 API calls 16218->16219 16226 7ff7a0feea75 16219->16226 16227 7ff7a0ff438c EnterCriticalSection 16220->16227 16226->16206 16229 7ff7a0fee9a6 16228->16229 16240 7ff7a0fe1861 16228->16240 16230 7ff7a0fee9b5 memcpy_s 16229->16230 16231 7ff7a0fee9f2 16229->16231 16229->16240 16234 7ff7a0ff6088 _get_daylight 11 API calls 16230->16234 16241 7ff7a0ff438c EnterCriticalSection 16231->16241 16236 7ff7a0fee9ca 16234->16236 16238 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 16236->16238 16238->16240 16240->16184 16240->16185 16335 7ff7a0fe5880 16242->16335 16244 7ff7a0fe1454 16245 7ff7a0fe1459 16244->16245 16344 7ff7a0fe5ba0 16244->16344 16245->15544 16248 7ff7a0fe14a7 16251 7ff7a0fe14e0 16248->16251 16253 7ff7a0fe2de0 120 API calls 16248->16253 16249 7ff7a0fe1487 16250 7ff7a0fe1c10 86 API calls 16249->16250 16252 7ff7a0fe149d 16250->16252 16254 7ff7a0feec94 73 API calls 16251->16254 16252->15544 16256 7ff7a0fe14bf 16253->16256 16255 7ff7a0fe14f2 16254->16255 16257 7ff7a0fe1516 16255->16257 16258 7ff7a0fe14f6 16255->16258 16256->16251 16259 7ff7a0fe14c7 16256->16259 16261 7ff7a0fe1534 16257->16261 16262 7ff7a0fe151c 16257->16262 16260 7ff7a0fe1c10 86 API calls 16258->16260 16263 7ff7a0fe1c50 86 API calls 16259->16263 16275 7ff7a0fe14d6 __std_exception_copy 16260->16275 16266 
7ff7a0fe1556 16261->16266 16267 7ff7a0fe1575 16261->16267 16369 7ff7a0fe1050 16262->16369 16263->16275 16265 7ff7a0fe1624 16269 7ff7a0fee60c 74 API calls 16265->16269 16270 7ff7a0fe1c10 86 API calls 16266->16270 16271 7ff7a0fee95c _fread_nolock 53 API calls 16267->16271 16272 7ff7a0fe15d5 16267->16272 16267->16275 16387 7ff7a0fef09c 16267->16387 16268 7ff7a0fee60c 74 API calls 16268->16265 16269->16252 16270->16275 16271->16267 16274 7ff7a0fe1c10 86 API calls 16272->16274 16274->16275 16275->16265 16275->16268 16277 7ff7a0fe1dd6 16276->16277 16278 7ff7a0fe1b30 49 API calls 16277->16278 16280 7ff7a0fe1e0b 16278->16280 16279 7ff7a0fe2211 16280->16279 16281 7ff7a0fe2c50 49 API calls 16280->16281 16282 7ff7a0fe1e7f 16281->16282 16943 7ff7a0fe2230 16282->16943 16285 7ff7a0fe1ec1 16287 7ff7a0fe5880 127 API calls 16285->16287 16286 7ff7a0fe1efa 16288 7ff7a0fe2230 75 API calls 16286->16288 16289 7ff7a0fe1ec9 16287->16289 16290 7ff7a0fe1f4c 16288->16290 16291 7ff7a0fe1eea 16289->16291 16951 7ff7a0fe5760 16289->16951 16292 7ff7a0fe1fb6 16290->16292 16293 7ff7a0fe1f50 16290->16293 16294 7ff7a0fe1c50 86 API calls 16291->16294 16298 7ff7a0fe1ef3 16291->16298 16296 7ff7a0fe2230 75 API calls 16292->16296 16297 7ff7a0fe5880 127 API calls 16293->16297 16294->16298 16299 7ff7a0fe1fe2 16296->16299 16300 7ff7a0fe1f58 16297->16300 16304 7ff7a0fea100 _wfindfirst32i64 8 API calls 16298->16304 16301 7ff7a0fe2042 16299->16301 16305 7ff7a0fe2230 75 API calls 16299->16305 16300->16291 16302 7ff7a0fe5760 138 API calls 16300->16302 16301->16279 16303 7ff7a0fe5880 127 API calls 16301->16303 16306 7ff7a0fe1f75 16302->16306 16311 7ff7a0fe2052 16303->16311 16307 7ff7a0fe1fab 16304->16307 16308 7ff7a0fe2012 16305->16308 16306->16291 16309 7ff7a0fe21f6 16306->16309 16307->15544 16308->16301 16310 7ff7a0fe2230 75 API calls 16308->16310 16310->16301 16311->16279 16332 7ff7a0fe17a1 16331->16332 16333 7ff7a0fe1795 16331->16333 16332->15544 16334 7ff7a0fe1c50 86 API calls 16333->16334 16334->16332 16336 
18273 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 18271->18273 18273->18247 18274 7ff7a0ff6088 _get_daylight 11 API calls 18274->18247 18276 7ff7a100259e 18275->18276 18277 7ff7a10025bb 18275->18277 18276->18277 18278 7ff7a10025ac 18276->18278 18279 7ff7a10025c5 18277->18279 18614 7ff7a1007038 18277->18614 18280 7ff7a0ff6088 _get_daylight 11 API calls 18278->18280 18621 7ff7a0fffa0c 18279->18621 18283 7ff7a10025b1 memcpy_s 18280->18283 18283->18113 18285 7ff7a0ff4a84 45 API calls 18284->18285 18286 7ff7a10066aa 18285->18286 18287 7ff7a0ffe144 5 API calls 18286->18287 18288 7ff7a10066b8 18286->18288 18287->18288 18289 7ff7a0ff456c 14 API calls 18288->18289 18290 7ff7a1006714 18289->18290 18291 7ff7a10067a4 18290->18291 18292 7ff7a0ff4a84 45 API calls 18290->18292 18294 7ff7a10067b5 18291->18294 18295 7ff7a0ff9f78 __free_lconv_num 11 API calls 18291->18295 18293 7ff7a1006727 18292->18293 18297 7ff7a0ffe144 5 API calls 18293->18297 18300 7ff7a1006730 18293->18300 18296 7ff7a0fffd63 18294->18296 18298 7ff7a0ff9f78 __free_lconv_num 11 API calls 18294->18298 18295->18294 18296->18133 18296->18134 18297->18300 18298->18296 18299 7ff7a0ff456c 14 API calls 18301 7ff7a100678b 18299->18301 18300->18299 18301->18291 18302 7ff7a1006793 SetEnvironmentVariableW 18301->18302 18302->18291 18304 7ff7a0ff86c8 18303->18304 18308 7ff7a0ff86d1 18303->18308 18305 7ff7a0ff81c8 40 API calls 18304->18305 18304->18308 18306 7ff7a0ff86da 18305->18306 18307 7ff7a0ff8588 12 API calls 18306->18307 18306->18308 18307->18308 18308->18164 18308->18165 18310 7ff7a10063f9 18309->18310 18314 7ff7a1006426 18309->18314 18311 7ff7a10063fe 18310->18311 18310->18314 18312 7ff7a0ff6088 _get_daylight 11 API calls 18311->18312 18313 7ff7a1006403 18312->18313 18317 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 18313->18317 18315 7ff7a100646a 18314->18315 18318 7ff7a1006489 18314->18318 18330 7ff7a100645e __crtLCMapStringW 18314->18330 18316 7ff7a0ff6088 _get_daylight 11 API calls 18315->18316 
18319 7ff7a100646f 18316->18319 18320 7ff7a100640e 18317->18320 18321 7ff7a10064a5 18318->18321 18322 7ff7a1006493 18318->18322 18323 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 18319->18323 18320->18156 18325 7ff7a0ff4a84 45 API calls 18321->18325 18324 7ff7a0ff6088 _get_daylight 11 API calls 18322->18324 18323->18330 18326 7ff7a1006498 18324->18326 18327 7ff7a10064b2 18325->18327 18328 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 18326->18328 18327->18330 18633 7ff7a1007fc4 18327->18633 18328->18330 18330->18156 18332 7ff7a0ff6088 _get_daylight 11 API calls 18332->18330 18334 7ff7a0ff816d 18333->18334 18343 7ff7a0ff8169 18333->18343 18356 7ff7a10017b0 18334->18356 18339 7ff7a0ff817f 18341 7ff7a0ff9f78 __free_lconv_num 11 API calls 18339->18341 18340 7ff7a0ff818b 18382 7ff7a0ff8238 18340->18382 18341->18343 18343->18237 18348 7ff7a0ff84a8 18343->18348 18345 7ff7a0ff9f78 __free_lconv_num 11 API calls 18346 7ff7a0ff81b2 18345->18346 18347 7ff7a0ff9f78 __free_lconv_num 11 API calls 18346->18347 18347->18343 18349 7ff7a0ff84d1 18348->18349 18354 7ff7a0ff84ea 18348->18354 18349->18237 18350 7ff7a0ffdeb8 _get_daylight 11 API calls 18350->18354 18351 7ff7a0ff857a 18353 7ff7a0ff9f78 __free_lconv_num 11 API calls 18351->18353 18352 7ff7a0fff138 WideCharToMultiByte 18352->18354 18353->18349 18354->18349 18354->18350 18354->18351 18354->18352 18355 7ff7a0ff9f78 __free_lconv_num 11 API calls 18354->18355 18355->18354 18357 7ff7a10017bd 18356->18357 18361 7ff7a0ff8172 18356->18361 18401 7ff7a0ffa854 18357->18401 18362 7ff7a1001aec GetEnvironmentStringsW 18361->18362 18363 7ff7a1001b1c 18362->18363 18364 7ff7a0ff8177 18362->18364 18365 7ff7a0fff138 WideCharToMultiByte 18363->18365 18364->18339 18364->18340 18366 7ff7a1001b6d 18365->18366 18367 7ff7a1001b74 FreeEnvironmentStringsW 18366->18367 18368 7ff7a0ffcc2c _fread_nolock 12 API calls 18366->18368 18367->18364 18369 7ff7a1001b87 18368->18369 18370 7ff7a1001b8f 18369->18370 18371 7ff7a1001b98 18369->18371 18372 
7ff7a0ff9f78 __free_lconv_num 11 API calls 18370->18372 18373 7ff7a0fff138 WideCharToMultiByte 18371->18373 18374 7ff7a1001b96 18372->18374 18375 7ff7a1001bbb 18373->18375 18374->18367 18376 7ff7a1001bbf 18375->18376 18377 7ff7a1001bc9 18375->18377 18378 7ff7a0ff9f78 __free_lconv_num 11 API calls 18376->18378 18379 7ff7a0ff9f78 __free_lconv_num 11 API calls 18377->18379 18380 7ff7a1001bc7 FreeEnvironmentStringsW 18378->18380 18379->18380 18380->18364 18383 7ff7a0ff825d 18382->18383 18384 7ff7a0ffdeb8 _get_daylight 11 API calls 18383->18384 18396 7ff7a0ff8293 18384->18396 18385 7ff7a0ff829b 18386 7ff7a0ff9f78 __free_lconv_num 11 API calls 18385->18386 18387 7ff7a0ff8193 18386->18387 18387->18345 18388 7ff7a0ff830e 18389 7ff7a0ff9f78 __free_lconv_num 11 API calls 18388->18389 18389->18387 18390 7ff7a0ffdeb8 _get_daylight 11 API calls 18390->18396 18391 7ff7a0ff82fd 18393 7ff7a0ff8464 11 API calls 18391->18393 18392 7ff7a0ff930c __std_exception_copy 37 API calls 18392->18396 18394 7ff7a0ff8305 18393->18394 18397 7ff7a0ff9f78 __free_lconv_num 11 API calls 18394->18397 18395 7ff7a0ff8333 18398 7ff7a0ff9f30 _wfindfirst32i64 17 API calls 18395->18398 18396->18385 18396->18388 18396->18390 18396->18391 18396->18392 18396->18395 18399 7ff7a0ff9f78 __free_lconv_num 11 API calls 18396->18399 18397->18385 18400 7ff7a0ff8346 18398->18400 18399->18396 18402 7ff7a0ffa865 FlsGetValue 18401->18402 18403 7ff7a0ffa880 FlsSetValue 18401->18403 18404 7ff7a0ffa872 18402->18404 18405 7ff7a0ffa87a 18402->18405 18403->18404 18406 7ff7a0ffa88d 18403->18406 18407 7ff7a0ffa878 18404->18407 18408 7ff7a0ff936c _CallSETranslator 45 API calls 18404->18408 18405->18403 18409 7ff7a0ffdeb8 _get_daylight 11 API calls 18406->18409 18421 7ff7a1001484 18407->18421 18410 7ff7a0ffa8f5 18408->18410 18411 7ff7a0ffa89c 18409->18411 18412 7ff7a0ffa8ba FlsSetValue 18411->18412 18413 7ff7a0ffa8aa FlsSetValue 18411->18413 18414 7ff7a0ffa8c6 FlsSetValue 18412->18414 18415 7ff7a0ffa8d8 18412->18415 18416 
7ff7a0ffa8b3 18413->18416 18414->18416 18417 7ff7a0ffa524 _get_daylight 11 API calls 18415->18417 18418 7ff7a0ff9f78 __free_lconv_num 11 API calls 18416->18418 18419 7ff7a0ffa8e0 18417->18419 18418->18404 18420 7ff7a0ff9f78 __free_lconv_num 11 API calls 18419->18420 18420->18407 18444 7ff7a10016f4 18421->18444 18423 7ff7a10014b9 18459 7ff7a1001184 18423->18459 18426 7ff7a10014d6 18426->18361 18427 7ff7a0ffcc2c _fread_nolock 12 API calls 18428 7ff7a10014e7 18427->18428 18429 7ff7a10014ef 18428->18429 18431 7ff7a10014fe 18428->18431 18430 7ff7a0ff9f78 __free_lconv_num 11 API calls 18429->18430 18430->18426 18431->18431 18466 7ff7a100182c 18431->18466 18434 7ff7a10015fa 18435 7ff7a0ff6088 _get_daylight 11 API calls 18434->18435 18436 7ff7a10015ff 18435->18436 18440 7ff7a0ff9f78 __free_lconv_num 11 API calls 18436->18440 18437 7ff7a1001655 18439 7ff7a10016bc 18437->18439 18477 7ff7a1000fb4 18437->18477 18438 7ff7a1001614 18438->18437 18441 7ff7a0ff9f78 __free_lconv_num 11 API calls 18438->18441 18443 7ff7a0ff9f78 __free_lconv_num 11 API calls 18439->18443 18440->18426 18441->18437 18443->18426 18445 7ff7a1001717 18444->18445 18446 7ff7a1001721 18445->18446 18492 7ff7a0fff808 EnterCriticalSection 18445->18492 18448 7ff7a1001793 18446->18448 18451 7ff7a0ff936c _CallSETranslator 45 API calls 18446->18451 18448->18423 18453 7ff7a10017ab 18451->18453 18455 7ff7a0ffa854 50 API calls 18453->18455 18458 7ff7a1001802 18453->18458 18456 7ff7a10017ec 18455->18456 18457 7ff7a1001484 65 API calls 18456->18457 18457->18458 18458->18423 18460 7ff7a0ff4a84 45 API calls 18459->18460 18461 7ff7a1001198 18460->18461 18462 7ff7a10011b6 18461->18462 18463 7ff7a10011a4 GetOEMCP 18461->18463 18464 7ff7a10011cb 18462->18464 18465 7ff7a10011bb GetACP 18462->18465 18463->18464 18464->18426 18464->18427 18465->18464 18467 7ff7a1001184 47 API calls 18466->18467 18469 7ff7a1001859 18467->18469 18468 7ff7a10019af 18470 7ff7a0fea100 _wfindfirst32i64 8 API calls 18468->18470 18469->18468 18471 
7ff7a1001896 IsValidCodePage 18469->18471 18475 7ff7a10018b0 memcpy_s 18469->18475 18472 7ff7a10015f1 18470->18472 18471->18468 18473 7ff7a10018a7 18471->18473 18472->18434 18472->18438 18474 7ff7a10018d6 GetCPInfo 18473->18474 18473->18475 18474->18468 18474->18475 18493 7ff7a100129c 18475->18493 18564 7ff7a0fff808 EnterCriticalSection 18477->18564 18494 7ff7a10012d9 GetCPInfo 18493->18494 18503 7ff7a10013cf 18493->18503 18500 7ff7a10012ec 18494->18500 18494->18503 18495 7ff7a0fea100 _wfindfirst32i64 8 API calls 18497 7ff7a100146e 18495->18497 18497->18468 18504 7ff7a1001fe0 18500->18504 18502 7ff7a1006f84 54 API calls 18502->18503 18503->18495 18505 7ff7a0ff4a84 45 API calls 18504->18505 18506 7ff7a1002022 18505->18506 18507 7ff7a0ffe870 _fread_nolock MultiByteToWideChar 18506->18507 18509 7ff7a1002058 18507->18509 18508 7ff7a100205f 18511 7ff7a0fea100 _wfindfirst32i64 8 API calls 18508->18511 18509->18508 18510 7ff7a0ffcc2c _fread_nolock 12 API calls 18509->18510 18512 7ff7a100211c 18509->18512 18515 7ff7a1002088 memcpy_s 18509->18515 18510->18515 18513 7ff7a1001363 18511->18513 18512->18508 18514 7ff7a0ff9f78 __free_lconv_num 11 API calls 18512->18514 18519 7ff7a1006f84 18513->18519 18514->18508 18515->18512 18516 7ff7a0ffe870 _fread_nolock MultiByteToWideChar 18515->18516 18517 7ff7a10020fe 18516->18517 18517->18512 18518 7ff7a1002102 GetStringTypeW 18517->18518 18518->18512 18520 7ff7a0ff4a84 45 API calls 18519->18520 18521 7ff7a1006fa9 18520->18521 18524 7ff7a1006c50 18521->18524 18525 7ff7a1006c91 18524->18525 18526 7ff7a0ffe870 _fread_nolock MultiByteToWideChar 18525->18526 18530 7ff7a1006cdb 18526->18530 18527 7ff7a1006f59 18528 7ff7a0fea100 _wfindfirst32i64 8 API calls 18527->18528 18531 7ff7a1001396 18528->18531 18529 7ff7a1006e11 18529->18527 18533 7ff7a0ff9f78 __free_lconv_num 11 API calls 18529->18533 18530->18527 18530->18529 18532 7ff7a0ffcc2c _fread_nolock 12 API calls 18530->18532 18534 7ff7a1006d13 18530->18534 18531->18502 18532->18534 
18533->18527 18534->18529 18535 7ff7a0ffe870 _fread_nolock MultiByteToWideChar 18534->18535 18536 7ff7a1006d86 18535->18536 18536->18529 18555 7ff7a0ffe304 18536->18555 18539 7ff7a1006e22 18541 7ff7a0ffcc2c _fread_nolock 12 API calls 18539->18541 18544 7ff7a1006e40 18539->18544 18553 7ff7a1006ef4 18539->18553 18540 7ff7a1006dd1 18540->18529 18542 7ff7a0ffe304 __crtLCMapStringW 6 API calls 18540->18542 18541->18544 18542->18529 18543 7ff7a0ff9f78 __free_lconv_num 11 API calls 18543->18529 18544->18529 18545 7ff7a0ffe304 __crtLCMapStringW 6 API calls 18544->18545 18546 7ff7a1006ec0 18545->18546 18547 7ff7a1006ef6 18546->18547 18548 7ff7a1006ee0 18546->18548 18546->18553 18549 7ff7a0fff138 WideCharToMultiByte 18547->18549 18550 7ff7a0fff138 WideCharToMultiByte 18548->18550 18551 7ff7a1006eee 18549->18551 18550->18551 18552 7ff7a1006f0e 18551->18552 18551->18553 18552->18529 18554 7ff7a0ff9f78 __free_lconv_num 11 API calls 18552->18554 18553->18529 18553->18543 18554->18529 18556 7ff7a0ffdf30 __crtLCMapStringW 5 API calls 18555->18556 18557 7ff7a0ffe342 18556->18557 18560 7ff7a0ffe34a 18557->18560 18561 7ff7a0ffe3f0 18557->18561 18559 7ff7a0ffe3b3 LCMapStringW 18559->18560 18560->18529 18560->18539 18560->18540 18562 7ff7a0ffdf30 __crtLCMapStringW 5 API calls 18561->18562 18563 7ff7a0ffe41e __crtLCMapStringW 18562->18563 18563->18559 18566 7ff7a1005760 18565->18566 18567 7ff7a1005749 18565->18567 18566->18567 18570 7ff7a100576e 18566->18570 18568 7ff7a0ff6088 _get_daylight 11 API calls 18567->18568 18569 7ff7a100574e 18568->18569 18571 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 18569->18571 18572 7ff7a0ff4a84 45 API calls 18570->18572 18573 7ff7a1005759 18570->18573 18571->18573 18572->18573 18573->18247 18575 7ff7a0ff4a84 45 API calls 18574->18575 18576 7ff7a100842d 18575->18576 18579 7ff7a1008084 18576->18579 18582 7ff7a10080d2 18579->18582 18580 7ff7a0fea100 _wfindfirst32i64 8 API calls 18581 7ff7a1006605 18580->18581 18581->18247 18581->18274 18583 
7ff7a1008159 18582->18583 18585 7ff7a1008144 GetCPInfo 18582->18585 18588 7ff7a100815d 18582->18588 18584 7ff7a0ffe870 _fread_nolock MultiByteToWideChar 18583->18584 18583->18588 18586 7ff7a10081f1 18584->18586 18585->18583 18585->18588 18587 7ff7a0ffcc2c _fread_nolock 12 API calls 18586->18587 18586->18588 18589 7ff7a1008228 18586->18589 18587->18589 18588->18580 18589->18588 18590 7ff7a0ffe870 _fread_nolock MultiByteToWideChar 18589->18590 18591 7ff7a1008296 18590->18591 18592 7ff7a1008378 18591->18592 18593 7ff7a0ffe870 _fread_nolock MultiByteToWideChar 18591->18593 18592->18588 18594 7ff7a0ff9f78 __free_lconv_num 11 API calls 18592->18594 18595 7ff7a10082bc 18593->18595 18594->18588 18595->18592 18596 7ff7a0ffcc2c _fread_nolock 12 API calls 18595->18596 18597 7ff7a10082e9 18595->18597 18596->18597 18597->18592 18598 7ff7a0ffe870 _fread_nolock MultiByteToWideChar 18597->18598 18599 7ff7a1008360 18598->18599 18600 7ff7a1008380 18599->18600 18601 7ff7a1008366 18599->18601 18608 7ff7a0ffe188 18600->18608 18601->18592 18604 7ff7a0ff9f78 __free_lconv_num 11 API calls 18601->18604 18604->18592 18605 7ff7a10083bf 18605->18588 18607 7ff7a0ff9f78 __free_lconv_num 11 API calls 18605->18607 18606 7ff7a0ff9f78 __free_lconv_num 11 API calls 18606->18605 18607->18588 18609 7ff7a0ffdf30 __crtLCMapStringW 5 API calls 18608->18609 18610 7ff7a0ffe1c6 18609->18610 18611 7ff7a0ffe1ce 18610->18611 18612 7ff7a0ffe3f0 __crtLCMapStringW 5 API calls 18610->18612 18611->18605 18611->18606 18613 7ff7a0ffe237 CompareStringW 18612->18613 18613->18611 18615 7ff7a1007041 18614->18615 18616 7ff7a100705a HeapSize 18614->18616 18617 7ff7a0ff6088 _get_daylight 11 API calls 18615->18617 18618 7ff7a1007046 18617->18618 18619 7ff7a0ff9f10 _invalid_parameter_noinfo 37 API calls 18618->18619 18620 7ff7a1007051 18619->18620 18620->18279 18622 7ff7a0fffa21 18621->18622 18623 7ff7a0fffa2b 18621->18623 18624 7ff7a0ffcc2c _fread_nolock 12 API calls 18622->18624 18625 7ff7a0fffa30 18623->18625 18631 
7ff7a0fffa37 _get_daylight 18623->18631 18630 7ff7a0fffa29 18624->18630 18628 7ff7a0ff9f78 __free_lconv_num 11 API calls 18625->18628 18626 7ff7a0fffa3d 18629 7ff7a0ff6088 _get_daylight 11 API calls 18626->18629 18627 7ff7a0fffa6a HeapReAlloc 18627->18630 18627->18631 18628->18630 18629->18630 18630->18283 18631->18626 18631->18627 18632 7ff7a1002730 _get_daylight 2 API calls 18631->18632 18632->18631 18634 7ff7a1007fed __crtLCMapStringW 18633->18634 18635 7ff7a10064ee 18634->18635 18636 7ff7a0ffe188 6 API calls 18634->18636 18635->18330 18635->18332 18636->18635

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A1004EE5
                                                                        • Part of subcall function 00007FF7A1004838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A100484C
                                                                        • Part of subcall function 00007FF7A0FF9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F8E
                                                                        • Part of subcall function 00007FF7A0FF9F78: GetLastError.KERNEL32(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F98
                                                                        • Part of subcall function 00007FF7A0FF9F30: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7A0FF9F0F,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FF9F39
                                                                        • Part of subcall function 00007FF7A0FF9F30: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7A0FF9F0F,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FF9F5E
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A1004ED4
                                                                        • Part of subcall function 00007FF7A1004898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A10048AC
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100514A
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100515B
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100516C
                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7A10053AC), ref: 00007FF7A1005193
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                      • API String ID: 4070488512-239921721
                                                                      • Opcode ID: aa85b069b6fb92bd10a5b6d5be9144cf64bbc0ff06c8fbb0fdd7caf4b6a87e0b
                                                                      • Instruction ID: 0f9a1f0af36f8161cb05eb05e908e1f79921774425f34aa93328cad302c2d29f
                                                                      • Opcode Fuzzy Hash: aa85b069b6fb92bd10a5b6d5be9144cf64bbc0ff06c8fbb0fdd7caf4b6a87e0b
                                                                      • Instruction Fuzzy Hash: AFD1B322A1A24286F714FF21D8401BEB761FF44794FC24436EA4D876A5DFBCE861CB60

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetTempPathW.KERNEL32(?,00000000,?,00007FF7A0FE58AD), ref: 00007FF7A0FE597A
                                                                      • GetCurrentProcessId.KERNEL32(?,00007FF7A0FE58AD), ref: 00007FF7A0FE5980
                                                                        • Part of subcall function 00007FF7A0FE5AF0: GetEnvironmentVariableW.KERNEL32(00007FF7A0FE2817,?,?,?,?,?,?), ref: 00007FF7A0FE5B2A
                                                                        • Part of subcall function 00007FF7A0FE5AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE5B47
                                                                        • Part of subcall function 00007FF7A0FF6818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A0FF6831
                                                                      • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7A0FE5A31
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                      • API String ID: 1556224225-1116378104
                                                                      • Opcode ID: c805534fc36cce2f638f5d4b2e31efb0a3bdcbd638384fcea02245f06552b5c8
                                                                      • Instruction ID: cebb1cccd155b11647ee9f3fe8f8850719d04f2aacddb4991d83dfd92378d86f
                                                                      • Opcode Fuzzy Hash: c805534fc36cce2f638f5d4b2e31efb0a3bdcbd638384fcea02245f06552b5c8
                                                                      • Instruction Fuzzy Hash: EF513721F0F64784FA55BB32A9552BAD2825F49BC0FC64835EC0E677A6ED6CF5018720

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                      • String ID:
                                                                      • API String ID: 1617910340-0
                                                                      • Opcode ID: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                      • Instruction ID: cabf71382365bf184d8244860535987e9305c2f5e8bd34971652b538fc87f96e
                                                                      • Opcode Fuzzy Hash: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                      • Instruction Fuzzy Hash: C5C1F333B29A4285FB10EF64C4906AD7771FB48B98B864239DE1E977A5CF78E061C710

                                                                      APIs
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100514A
                                                                        • Part of subcall function 00007FF7A1004898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A10048AC
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100515B
                                                                        • Part of subcall function 00007FF7A1004838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A100484C
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100516C
                                                                        • Part of subcall function 00007FF7A1004868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A100487C
                                                                        • Part of subcall function 00007FF7A0FF9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F8E
                                                                        • Part of subcall function 00007FF7A0FF9F78: GetLastError.KERNEL32(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F98
                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7A10053AC), ref: 00007FF7A1005193
                                                                      Similarity
                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                      • API String ID: 3458911817-239921721
                                                                      • Opcode ID: 745ef94ea7204a2bfbd30c29007a49fe20bc82f24fe0203fc347e73c8b1ad169
                                                                      • Instruction ID: 47abae04dbd86ed4a8925197b82e92c99b289b65f8c3b1ed7feef163d7268bc1
                                                                      • Opcode Fuzzy Hash: 745ef94ea7204a2bfbd30c29007a49fe20bc82f24fe0203fc347e73c8b1ad169
                                                                      • Instruction Fuzzy Hash: B6516232A1A64286F710FF21D9815AAF760BF48784FC24535EA4D837B5DFBCE5218B60
                                                                      Similarity
                                                                      • API ID: CurrentFeaturePresentProcessProcessor
                                                                      • String ID:
                                                                      • API String ID: 1010374628-0
                                                                      • Opcode ID: 036bb9af6ac8c728884dbc430cc13962f440282e35d529492d92ee50b2a68dd9
                                                                      • Instruction ID: e9d6edd6e220f5fa71bba9a9be91186b58e73eb1afb88089c4d0639be50e1de4
                                                                      • Opcode Fuzzy Hash: 036bb9af6ac8c728884dbc430cc13962f440282e35d529492d92ee50b2a68dd9
                                                                      • Instruction Fuzzy Hash: 6002C123B1F64349FB54BB31A44027AA680AF41B90FD74A35DE5E663F1DE7CB8258720

                                                                      Similarity
                                                                      • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                      • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                      • API String ID: 3405171723-4158440160
                                                                      • Opcode ID: 3dd81e11b18fc9e391ce97d87c5df179014315260915c8fdf2366e990ec26e09
                                                                      • Instruction ID: f3b2b437746adf8f79a4e9085ceba0e554a670209a17395f392f15e4b237b199
                                                                      • Opcode Fuzzy Hash: 3dd81e11b18fc9e391ce97d87c5df179014315260915c8fdf2366e990ec26e09
                                                                      • Instruction Fuzzy Hash: C3516972A0E606C6EF14EF39D45027DB3A0FB48B84B928935D90D933A9DE6CE550CB60

                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                      • API String ID: 0-666925554
                                                                      • Opcode ID: 6a700ff59d1eae3cd4f1897966358a388e1f51ee3372cc3160cad33ce14096f4
                                                                      • Instruction ID: eb7a6a3adedc0293e9a2355b9cbcf134823dbbb4a0d86bbb805e83dafde25f6d
                                                                      • Opcode Fuzzy Hash: 6a700ff59d1eae3cd4f1897966358a388e1f51ee3372cc3160cad33ce14096f4
                                                                      • Instruction Fuzzy Hash: D7518D71B0E643C1FE20AB22A8106BAA360BB85B94FCA4831DD1D577B5EE7CF1558720

                                                                      Similarity
                                                                      • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                      • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                      • API String ID: 4998090-2855260032
                                                                      • Opcode ID: 04a4952acd007a2d57849bf4a7f549880b035f2fca275a5dfd27a02a5c87a0f0
                                                                      • Instruction ID: 34c951fb6fe23c871b6cb8ccc3a4473ff7589764b1697779b4b38b7ac6d21359
                                                                      • Opcode Fuzzy Hash: 04a4952acd007a2d57849bf4a7f549880b035f2fca275a5dfd27a02a5c87a0f0
                                                                      • Instruction Fuzzy Hash: AE41713161D687C2E710EF20E8446AAB361FB84794F854631EA5E577A4DF7CE448CB20

                                                                      Similarity
                                                                      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                      • String ID: CreateProcessW$Error creating child process!
                                                                      • API String ID: 2895956056-3524285272
                                                                      • Opcode ID: d5693698e4819ce5d510509d5cda6c943b390b1bcdb6e918232fd1435297541c
                                                                      • Instruction ID: 8425f22972fb6c4705125320dc8d2d1ed0a894da8e2768be2501cc697fa55419
                                                                      • Opcode Fuzzy Hash: d5693698e4819ce5d510509d5cda6c943b390b1bcdb6e918232fd1435297541c
                                                                      • Instruction Fuzzy Hash: CE411232A0D78685EB20AB74E4452AAF360FF94360F914735E6AD47BE5DF7CE0548B10

                                                                      APIs
                                                                        • Part of subcall function 00007FF7A0FE2CD0: GetModuleFileNameW.KERNEL32(?,00007FF7A0FE27C9,?,?,?,?,?,?), ref: 00007FF7A0FE2D01
                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF7A0FE29D5
                                                                        • Part of subcall function 00007FF7A0FE5AF0: GetEnvironmentVariableW.KERNEL32(00007FF7A0FE2817,?,?,?,?,?,?), ref: 00007FF7A0FE5B2A
                                                                        • Part of subcall function 00007FF7A0FE5AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE5B47
                                                                      Similarity
                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                      • API String ID: 2344891160-3602715111
                                                                      • Opcode ID: 9cc289c9195a371b6f24d31b42917e49a42ba6d60d8658c917f02b3ce32f2aaf
                                                                      • Instruction ID: 556024dbc34c0ee8d1bb4e0d7e29e77bd2abc92c444237f0d78aef6c86a688b3
                                                                      • Opcode Fuzzy Hash: 9cc289c9195a371b6f24d31b42917e49a42ba6d60d8658c917f02b3ce32f2aaf
                                                                      • Instruction Fuzzy Hash: E6C1C721A1E683C5FA60BB3194512FDA350BF44784FC64832EA4D677B6EF6CF6058720

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 596 7ff7a0fe1050-7ff7a0fe10ab call 7ff7a0fe9990 599 7ff7a0fe10d3-7ff7a0fe10eb call 7ff7a0ff414c 596->599 600 7ff7a0fe10ad-7ff7a0fe10d2 call 7ff7a0fe1c50 596->600 605 7ff7a0fe10ed-7ff7a0fe1104 call 7ff7a0fe1c10 599->605 606 7ff7a0fe1109-7ff7a0fe1119 call 7ff7a0ff414c 599->606 611 7ff7a0fe126c-7ff7a0fe12a0 call 7ff7a0fe9670 call 7ff7a0ff4138 * 2 605->611 612 7ff7a0fe111b-7ff7a0fe1132 call 7ff7a0fe1c10 606->612 613 7ff7a0fe1137-7ff7a0fe1147 606->613 612->611 614 7ff7a0fe1150-7ff7a0fe1175 call 7ff7a0fee95c 613->614 622 7ff7a0fe117b-7ff7a0fe1185 call 7ff7a0fee6d0 614->622 623 7ff7a0fe125e 614->623 622->623 630 7ff7a0fe118b-7ff7a0fe1197 622->630 625 7ff7a0fe1264 623->625 625->611 631 7ff7a0fe11a0-7ff7a0fe11c8 call 7ff7a0fe7de0 630->631 634 7ff7a0fe1241-7ff7a0fe125c call 7ff7a0fe1c50 631->634 635 7ff7a0fe11ca-7ff7a0fe11cd 631->635 634->625 636 7ff7a0fe11cf-7ff7a0fe11d9 635->636 637 7ff7a0fe123c 635->637 640 7ff7a0fe1203-7ff7a0fe1206 636->640 641 7ff7a0fe11db-7ff7a0fe11e8 call 7ff7a0fef09c 636->641 637->634 642 7ff7a0fe1208-7ff7a0fe1216 call 7ff7a0feaec0 640->642 643 7ff7a0fe1219-7ff7a0fe121e 640->643 647 7ff7a0fe11ed-7ff7a0fe11f0 641->647 642->643 643->631 646 7ff7a0fe1220-7ff7a0fe1223 643->646 651 7ff7a0fe1225-7ff7a0fe1228 646->651 652 7ff7a0fe1237-7ff7a0fe123a 646->652 648 7ff7a0fe11f2-7ff7a0fe11fc call 7ff7a0fee6d0 647->648 649 7ff7a0fe11fe-7ff7a0fe1201 647->649 648->643 648->649 649->634 651->634 654 7ff7a0fe122a-7ff7a0fe1232 651->654 652->625 654->614
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                      • API String ID: 0-1655038675
                                                                      • Opcode ID: af04965e2dbcd0d8e1621cd66b39530d0b4f4ad9fcd8e07e4d45104bc70e5302
                                                                      • Instruction ID: a97d040d534db438bebab68bced4857eaa38be83f8eebe72435ab77c63a8cc1b
                                                                      • Opcode Fuzzy Hash: af04965e2dbcd0d8e1621cd66b39530d0b4f4ad9fcd8e07e4d45104bc70e5302
                                                                      • Instruction Fuzzy Hash: 2151C632A0E643C5EA60BB22A8403BAB390BB84794FC64935DE4D977A5EE3CF455C710

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(?,00000000,?,00007FF7A0FFE2CA,?,?,-00000018,00007FF7A0FFA383,?,?,?,00007FF7A0FFA27A,?,?,?,00007FF7A0FF54E2), ref: 00007FF7A0FFE0AC
                                                                      • GetProcAddress.KERNEL32(?,00000000,?,00007FF7A0FFE2CA,?,?,-00000018,00007FF7A0FFA383,?,?,?,00007FF7A0FFA27A,?,?,?,00007FF7A0FF54E2), ref: 00007FF7A0FFE0B8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: AddressFreeLibraryProc
                                                                      • String ID: api-ms-$ext-ms-
                                                                      • API String ID: 3013587201-537541572
                                                                      • Opcode ID: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                      • Instruction ID: 1c7500e100ee5bbf0150a1dd0151a66337301a0330c1dab55b15992dc5929fad
                                                                      • Opcode Fuzzy Hash: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                      • Instruction Fuzzy Hash: 1D413622B1F60389FB11EB269810676A392BF44BD0F8B4935DD0D673A8EE7CF4458324

                                                                      Control-flow Graph

                                                                      [Control-flow graph, first block at 7ff7a0ffb08c; legend: Executed / Not Executed; API calls named in the graph: GetConsoleMode, ReadFile, ReadConsoleW, GetLastError; rendered graph not preserved]
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 5e2fa04a27a554ad5a06cbbe01d601b05b68f3aeb2922c25288f770f6f319bba
                                                                      • Instruction ID: 5463a08a91887a50ee6141645eb6728bde037d314db34532b84ed4c981d69689
                                                                      • Opcode Fuzzy Hash: 5e2fa04a27a554ad5a06cbbe01d601b05b68f3aeb2922c25288f770f6f319bba
                                                                      • Instruction Fuzzy Hash: EBC1F523A0E68789E721AF3594402BEB751EB81B80FD74535DA4E237B1CE7DF8458720

                                                                      Control-flow Graph

                                                                      [Control-flow graph, first block at 7ff7a0ffc590; legend: Executed / Not Executed; API calls named in the graph: GetConsoleMode, WriteFile, GetLastError; rendered graph not preserved]
                                                                      APIs
                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7A0FFC57B), ref: 00007FF7A0FFC6AC
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7A0FFC57B), ref: 00007FF7A0FFC737
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleErrorLastMode
                                                                      • String ID:
                                                                      • API String ID: 953036326-0
                                                                      • Opcode ID: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                      • Instruction ID: 832ec93f454a20827ddc5828f4ba714b060c8656d84a89a966b9ee70d3a1a9c4
                                                                      • Opcode Fuzzy Hash: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                      • Instruction Fuzzy Hash: 7691C633E0D66389F750AF7585402BDABA0AB44B88F964539DE0E63BA4DF38F445C760

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _get_daylight$_isindst
                                                                      • String ID:
                                                                      • API String ID: 4170891091-0
                                                                      • Opcode ID: 993f4cb53d01987759aa9ab87d439edc94425a62c6450610c4994d1423bcdf7f
                                                                      • Instruction ID: b4e5ad5adfec3c391d48c4afc958090ac7912b07d988daa0485b3257c4703373
                                                                      • Opcode Fuzzy Hash: 993f4cb53d01987759aa9ab87d439edc94425a62c6450610c4994d1423bcdf7f
                                                                      • Instruction Fuzzy Hash: 7B510473F0A2124AFB14EF3898A56BCB761AB40358F960535DE1E66BF9DA38B4058710

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 1279662727-0
                                                                      • Opcode ID: 3d6046d72fa2396df0887b114e3627fe285c38a7a8010f89346fd758d181b2b8
                                                                      • Instruction ID: 7b4cf955cf47064b45d86a929a05718054c887a9a782bb0d7f586b49600da0fc
                                                                      • Opcode Fuzzy Hash: 3d6046d72fa2396df0887b114e3627fe285c38a7a8010f89346fd758d181b2b8
                                                                      • Instruction Fuzzy Hash: 4841B023D1D7828BE710AB309510369B360FB957A4F519734EB9C13BE5DF6CB5A08720
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 3058843127-0
                                                                      • Opcode ID: 0a8c62a57e2cf59f1561fe537eeb51f2220189f8d74725526a3d26dbeb988a7e
                                                                      • Instruction ID: c58678816773adc8572dea1502ebecdbe9700d085d6e65ea43cb223496a5cdc2
                                                                      • Opcode Fuzzy Hash: 0a8c62a57e2cf59f1561fe537eeb51f2220189f8d74725526a3d26dbeb988a7e
                                                                      • Instruction Fuzzy Hash: 23312C21A0E203C6FA14BB3195513BAA391AF82784FCA4836E60D673F7DE6CF4458671
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: fc68bfbf785dc4e8d02d30f22ac316467e06faf73d836825e3014864920bd8dd
                                                                      • Instruction ID: e58afa806e5413096c3b60ff6178302a5b6c7e66f9f89971266415482ff021cf
                                                                      • Opcode Fuzzy Hash: fc68bfbf785dc4e8d02d30f22ac316467e06faf73d836825e3014864920bd8dd
                                                                      • Instruction Fuzzy Hash: 4ED05E11F0E7039AFB043B30588517AA3119F48700F861838C80F123B3CD7CB46E4A20
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 91f838de0bf1c0634cfb639a0c406c35748c40ae1573d712d08faa75350ec251
                                                                      • Instruction ID: 068edfd8a15634ee4025c715f4c78251d1ef34f81c57ba5f54519f62b7455db1
                                                                      • Opcode Fuzzy Hash: 91f838de0bf1c0634cfb639a0c406c35748c40ae1573d712d08faa75350ec251
                                                                      • Instruction Fuzzy Hash: 5C51E621B0F643C6E768BA35A41067AA191AF44BA4F9A4E34DD7C137EDCE3CF5018620
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: FileHandleType
                                                                      • String ID:
                                                                      • API String ID: 3000768030-0
                                                                      APIs
                                                                      • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF7A0FFB750,00000000,?,?,?,00007FF7A0FE1023,00007FF7A0FFB859), ref: 00007FF7A0FFB7B0
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00007FF7A0FFB750,00000000,?,?,?,00007FF7A0FE1023,00007FF7A0FFB859), ref: 00007FF7A0FFB7BA
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID:
                                                                      • API String ID: 2976181284-0
                                                                      APIs
                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FF6965), ref: 00007FF7A0FF6B0B
                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FF6965), ref: 00007FF7A0FF6B21
                                                                      Similarity
                                                                      • API ID: Time$System$FileLocalSpecific
                                                                      • String ID:
                                                                      • API String ID: 1707611234-0
                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F8E
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F98
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: DirectoryErrorLastRemove
                                                                      • String ID:
                                                                      • API String ID: 377330604-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: DeleteErrorFileLast
                                                                      • String ID:
                                                                      • API String ID: 2018770650-0
                                                                      APIs
                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF7A0FFA005,?,?,00000000,00007FF7A0FFA0BA), ref: 00007FF7A0FFA1F6
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A0FFA005,?,?,00000000,00007FF7A0FFA0BA), ref: 00007FF7A0FFA200
                                                                      Similarity
                                                                      • API ID: CloseErrorHandleLast
                                                                      • String ID:
                                                                      • API String ID: 918212764-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide_findclose
                                                                      • String ID:
                                                                      • API String ID: 2772937645-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _fread_nolock
                                                                      • String ID:
                                                                      • API String ID: 840049012-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                      • String ID:
                                                                      • API String ID: 3947729631-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: DirectoryErrorLastRemove
                                                                      • String ID:
                                                                      • API String ID: 377330604-0
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF7A0FFAA16,?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E), ref: 00007FF7A0FFDF0D
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF7A0FEF1E4,?,?,?,00007FF7A0FF06F6,?,?,?,?,?,00007FF7A0FF275D), ref: 00007FF7A0FFCC6A
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2F36
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2F75
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2F9A
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2FBF
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2FE7
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE300F
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE3037
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE305F
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE3087
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressProc
                                                                      • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                      • API String ID: 190572456-3109299426
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                      • API String ID: 808467561-2761157908
                                                                      APIs
                                                                      • GetLastError.KERNEL32(WideCharToMultiByte,00007FF7A0FE1CE4,?,?,00000000,00007FF7A0FE6904), ref: 00007FF7A0FE6697
                                                                      • FormatMessageW.KERNEL32 ref: 00007FF7A0FE66C6
                                                                      • WideCharToMultiByte.KERNEL32 ref: 00007FF7A0FE671C
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                      • API String ID: 2383786077-2573406579
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 3140674995-0
                                                                      • Opcode ID: 414c3b7d1a52ef3ba5408d69683659119c26abb58edcf35ad0cee906abb0d3fb
                                                                      • Instruction ID: 65c4408e85e13c48355ea3a47fa881d158b505ddd24887d27d1ebb40e3841358
                                                                      • Opcode Fuzzy Hash: 414c3b7d1a52ef3ba5408d69683659119c26abb58edcf35ad0cee906abb0d3fb
                                                                      • Instruction Fuzzy Hash: F2316572609B82C6EB609F60E8403EEB365FB84744F85443ADA4D57794DF7CD658C720
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      • Opcode ID: 5dfb057c3f1a11160ff10646ccc1b52b02cf652cbed9a545e94d4dbf2c44da7d
                                                                      • Instruction ID: 410f41abf22ace8a9b9ee82eae3ff362fcb1bdbe64dd3d3d72de2daa626ece71
                                                                      • Opcode Fuzzy Hash: 5dfb057c3f1a11160ff10646ccc1b52b02cf652cbed9a545e94d4dbf2c44da7d
                                                                      • Instruction Fuzzy Hash: 0F315132619B82C6E760DF25E8402EEB3A4FB88794F950536EA8D53B64DF3CD155CB10
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2227656907-0
                                                                      • Opcode ID: ced153bd746da3696451066ca553fc750e98195ae426049d21287c39b66479d4
                                                                      • Instruction ID: b25d6f7195e529e0be4cd2f455d680eb5e8fcd52451b616e01b757171ced677c
                                                                      • Opcode Fuzzy Hash: ced153bd746da3696451066ca553fc750e98195ae426049d21287c39b66479d4
                                                                      • Instruction Fuzzy Hash: D6B1C72AB1EA8641FB60BB2194005BEF350EB44BD4F854132E94F57BE9DE7CE451CB20
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: memcpy_s
                                                                      • String ID:
                                                                      • API String ID: 1502251526-0
                                                                      • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                      • Instruction ID: 413e53abe3a835b59a801d283ee1d98d2f57f10aaac7921013a377831f66b63b
                                                                      • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                      • Instruction Fuzzy Hash: 5DC11572B1A2868BE725DF19A04466BF7A1F788784F828138DB4E47754DB7DE911CF00
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionRaise_clrfp
                                                                      • String ID:
                                                                      • API String ID: 15204871-0
                                                                      • Opcode ID: ce95b3d84f14f29cd4e01f3d624d654ffebb0793079cdf733c9da6505e2ad06c
                                                                      • Instruction ID: 6ca02552d587428e44eaa527fa8cc24991fb14b2013c0cf8ec8d3477e8f1ee70
                                                                      • Opcode Fuzzy Hash: ce95b3d84f14f29cd4e01f3d624d654ffebb0793079cdf733c9da6505e2ad06c
                                                                      • Instruction Fuzzy Hash: FBB1B073A01B998BEB15DF29C84536E7BA0F740B48F158922DB5D83BB4CB79D861CB10
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Find$CloseFileFirst
                                                                      • String ID:
                                                                      • API String ID: 2295610775-0
                                                                      • Opcode ID: 0b7e5a9930ef76a70c4e782aa580d8521c3892be20b9910ca6b4e20049941746
                                                                      • Instruction ID: d7a343d4ce8f52a35c456f4129c416dbf6bcec078992dbb504a5aaa8cad8ef09
                                                                      • Opcode Fuzzy Hash: 0b7e5a9930ef76a70c4e782aa580d8521c3892be20b9910ca6b4e20049941746
                                                                      • Instruction Fuzzy Hash: 52F0F432A1E686C6F760EF70E89836BB350AB44764F864735E66D127E4DF3CE0188B10
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $
                                                                      • API String ID: 0-227171996
                                                                      • Opcode ID: 12f3629fc0db3b94ce06ee7fe38b00bcc3d57b8cb20d1c91e47922b02d0d68b8
                                                                      • Instruction ID: 06ccbec6a59059b0564c97c5fc3ee29df31c882e874162f7148984a50b8f210a
                                                                      • Opcode Fuzzy Hash: 12f3629fc0db3b94ce06ee7fe38b00bcc3d57b8cb20d1c91e47922b02d0d68b8
                                                                      • Instruction Fuzzy Hash: 0EE1943390E6478AEBA8AE35805017DB3A0FB45B58F964935DE4E277B4DF29F841C720
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: e+000$gfff
                                                                      • API String ID: 0-3030954782
                                                                      • Opcode ID: 7f3e0c3824b7b5cf876389fd48d0d53d421d0873473af5a4edca9f3cc5d4c2f0
                                                                      • Instruction ID: 489132a5a59218ac27cab9499e431e00a259d1c156e7cac2a9eb8d569bec96a3
                                                                      • Opcode Fuzzy Hash: 7f3e0c3824b7b5cf876389fd48d0d53d421d0873473af5a4edca9f3cc5d4c2f0
                                                                      • Instruction Fuzzy Hash: 26517823B1E6C24AE7249E359800769FB92E744B94F8A8631CB9857BE5CF3DF400C711
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: gfffffff
                                                                      • API String ID: 0-1523873471
                                                                      • Opcode ID: 7cb6c3f32e91a926ccbf64ab8ba01f2a38c928c6639247976dccb01524fe6e1b
                                                                      • Instruction ID: 357dfcd97f2c64a07a58075db417fe4afc55c3e5288d43b230159fd7b3e8d060
                                                                      • Opcode Fuzzy Hash: 7cb6c3f32e91a926ccbf64ab8ba01f2a38c928c6639247976dccb01524fe6e1b
                                                                      • Instruction Fuzzy Hash: CBA15763A0E7974AEB21DB3591007A9F792EB50B84F468432DE4D577E5EE3DE402C321
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: TMP
                                                                      • API String ID: 3215553584-3125297090
                                                                      • Opcode ID: 549cbbde4d05edb679bd0e1e8d8321e2e2e00e2b49b4b0b32e90adc79d383972
                                                                      • Instruction ID: 2a9c23f25177135ba4763725bf3017521e70d1edc9912c72277db3e444e2f2c3
                                                                      • Opcode Fuzzy Hash: 549cbbde4d05edb679bd0e1e8d8321e2e2e00e2b49b4b0b32e90adc79d383972
                                                                      • Instruction Fuzzy Hash: D251D316F0E30345FA68BA36598057AE291AF50BC4FCA4834DE0E677F5EE7DF4168620
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: HeapProcess
                                                                      • String ID:
                                                                      • API String ID: 54951025-0
                                                                      • Opcode ID: 5644672d7aec8b178d5bd48a95ace976e45fdc56d1edf0a539dccc581205543b
                                                                      • Instruction ID: 10679c59ff535538733e286be5083fe723bf0d77db4bcc8e016ca36f63b41c6a
                                                                      • Opcode Fuzzy Hash: 5644672d7aec8b178d5bd48a95ace976e45fdc56d1edf0a539dccc581205543b
                                                                      • Instruction Fuzzy Hash: 43B09220E07B02C2FB083B216C82615B3A47F58B20FDA4078C10C40330DFAC24BA5B20
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7d7d821e27f440e8d5d3622ff09e7c05bc36f3fd6b9038f787498be69d76432a
                                                                      • Instruction ID: e7bcf9cddad72d98170b949407246c96520d00beeb4e34e4f1fd8de60fd915e4
                                                                      • Opcode Fuzzy Hash: 7d7d821e27f440e8d5d3622ff09e7c05bc36f3fd6b9038f787498be69d76432a
                                                                      • Instruction Fuzzy Hash: DAE1A573A0E6038DF7A8AA38855437CA791AB45B54F9A4A35CA0D663F5CF2DF841C720
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c2f3b43ccd68eb767627d2655b116bae7479589a7f74a5058ab0c91b2e39ac12
                                                                      • Instruction ID: 853f6af17829300ead8476e84a33afadbe31d80ea6f51d0dc23693f54835cdb1
                                                                      • Opcode Fuzzy Hash: c2f3b43ccd68eb767627d2655b116bae7479589a7f74a5058ab0c91b2e39ac12
                                                                      • Instruction Fuzzy Hash: DAD1D533A0E64389EBA8AA35805027DA7A0FB05B48F964935CE0D677B4DF3DF841D760
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b723f182358e09e7314f6f73ac964ac7abcdc7414507ad18988289416ad7b41b
                                                                      • Instruction ID: 20dacfd6bc6176b876ea43758f19ee7b8515b511c4eedf3989e3ee106d57a128
                                                                      • Opcode Fuzzy Hash: b723f182358e09e7314f6f73ac964ac7abcdc7414507ad18988289416ad7b41b
                                                                      • Instruction Fuzzy Hash: C2C1E6722241E08BE689EB29F45987A73D2F788309FD9403AEB8747785CA3DE414D760
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6c5c392cbfffe41992f0743bc4a0c2c3fe46246456b6811ff0c5dafdd99ec142
                                                                      • Instruction ID: 3d17c9a60d650b385788bf73f28e4c6ac2c81dd080fc6da169718b28177c7f8c
                                                                      • Opcode Fuzzy Hash: 6c5c392cbfffe41992f0743bc4a0c2c3fe46246456b6811ff0c5dafdd99ec142
                                                                      • Instruction Fuzzy Hash: 11B18E73A0E68689EF64DF39C05023DBBA0FB45B48F5A0535DA4E673A9DF29E440C720
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 85060b88648c64536cd03416e20448513b0a4375a109c0566769b76d71526d0c
                                                                      • Instruction ID: ef91cfb99f44eb25054133534c4b7a7b4c044b1777dae6a0ee924e2961392047
                                                                      • Opcode Fuzzy Hash: 85060b88648c64536cd03416e20448513b0a4375a109c0566769b76d71526d0c
                                                                      • Instruction Fuzzy Hash: CEB19E73A0E68689EB65AF39C05023CBBA0F745F48FA60535CA4E673A5CF79E441C760
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 59ad0bfc87d4107bda453f5e7c9a116e1e97c6e992cf3a610b4e267b4cffcaca
                                                                      • Instruction ID: c1272e3c84bdbda763af44f6e2bb3b2a52306680ad637abf9f0d1a42d261c7c9
                                                                      • Opcode Fuzzy Hash: 59ad0bfc87d4107bda453f5e7c9a116e1e97c6e992cf3a610b4e267b4cffcaca
                                                                      • Instruction Fuzzy Hash: 7A81F473A0E7828AEB74DF299040369B692FB857D4F954635DA9D53BA9CF3CE400CB10
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 8dfee0b8021c5070d705f5e50186fe905afbb1e28c839da737e773f9c2d0648d
                                                                      • Instruction ID: 34f65db68a731fabc98acffb42cd2870d267cc460f3a60567ade0338d9b68518
                                                                      • Opcode Fuzzy Hash: 8dfee0b8021c5070d705f5e50186fe905afbb1e28c839da737e773f9c2d0648d
                                                                      • Instruction Fuzzy Hash: 0C611D22E1E38245F764A528848433FF7A1AF41770FDA4239D65EC76E5DEEDE8508B20
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      • Opcode ID: 71af8a295fdb51eaf04f4fd3d3cb7b5e4e2b88d375af3dc160b99af84fd8c420
                                                                      • Instruction ID: 69fe04271dbf29c26f1b45983dea2b2cbcab12cf14ff74c2c312956438dd8179
                                                                      • Opcode Fuzzy Hash: 71af8a295fdb51eaf04f4fd3d3cb7b5e4e2b88d375af3dc160b99af84fd8c420
                                                                      • Instruction Fuzzy Hash: 52414863B19A4586FF04DF3AD914169B391BB48FD0B8A9432EE0D97B64EE3CD1428300
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AddressProc$LibraryLoad
                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                      • API String ID: 2238633743-1453502826
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF7A0FE6C2C
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharErrorLastMultiWide
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                      • API String ID: 203985260-1562484376
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: f$f$p$p$f
                                                                      • API String ID: 3215553584-1325933183
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                      • API String ID: 0-3659356012
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 849930591-393685449
                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE685F
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE68AF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                      • API String ID: 626452242-27947307
                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF7A0FE2D35,?,?,?,?,?,?), ref: 00007FF7A0FE6F01
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF7A0FE2D35,?,?,?,?,?,?), ref: 00007FF7A0FE6F75
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                      • API String ID: 1717984340-27947307
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: f$p$p
                                                                      • API String ID: 3215553584-1995029353
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                      • API String ID: 626452242-876015163
                                                                      • Opcode ID: 9e091cbaac830d0070f3842cc1d5ec76c8d2d2f90cb19691d00490de1532936c
                                                                      • Instruction ID: 93cf522844e28c3f99538b463e2291c0075f913f8895167438c805dc14e63813
                                                                      • Opcode Fuzzy Hash: 9e091cbaac830d0070f3842cc1d5ec76c8d2d2f90cb19691d00490de1532936c
                                                                      • Instruction Fuzzy Hash: 30415E32A0EB83C6E620EF25A84016AB6A5FB84790F964535EA4D57BB4DF3CE452C710
                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC2CD
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC2DB
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC305
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC34B
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC357
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                      • String ID: api-ms-
                                                                      • API String ID: 2559590344-2084034818
                                                                      • Opcode ID: 9ce77a0163c425c367fd7c26c9c82fe5a817cd2dfec158d19dd861a4531b58f3
                                                                      • Instruction ID: 182f602713a5d4a495b2c887e662605aa1106808852997e7545fe454b59de3af
                                                                      • Opcode Fuzzy Hash: 9ce77a0163c425c367fd7c26c9c82fe5a817cd2dfec158d19dd861a4531b58f3
                                                                      • Instruction Fuzzy Hash: F331D221A0F603C5FE51EB22A400679B394FF08BA0F8A8935EE1D56364EF3CF0468764
                                                                      APIs
                                                                        • Part of subcall function 00007FF7A0FE6DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE6DEA
                                                                      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7A0FE592F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7A0FE563F
                                                                      Strings
                                                                      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7A0FE569A
                                                                      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7A0FE5616
                                                                      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7A0FE5653
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                      • API String ID: 2001182103-3498232454
                                                                      • Opcode ID: aa564683267f47d688a8517bb88a9b0a9054f6e1f4b3a9048b672f302df95511
                                                                      • Instruction ID: 45303cd5b6fe38ab36463e0350fe55557fe3b0614eb00d994b8378dbb345b133
                                                                      • Opcode Fuzzy Hash: aa564683267f47d688a8517bb88a9b0a9054f6e1f4b3a9048b672f302df95511
                                                                      • Instruction Fuzzy Hash: EE319551F1E787C0FA20F73599552BAE251AF987C0FC64835DA4E627B6EE6CF1048620
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE6DEA
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE6E70
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                      • API String ID: 1717984340-876015163
                                                                      • Opcode ID: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                      • Instruction ID: 9e23e5d207b52d7c345b156b0d306be23436765d22af0750b3233c9b118a1b45
                                                                      • Opcode Fuzzy Hash: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                      • Instruction Fuzzy Hash: 65218525B0DA4281EB20EB29F90016AF761FB847C4F994531DB4C93BB9EE6CE5618B10
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA78F
                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA7A4
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA7C5
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA7F2
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA803
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA814
                                                                      • SetLastError.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA82F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Value$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 2506987500-0
                                                                      • Opcode ID: 69b8ad2768efc01d88fd7f8132853dff404c26667984aa111fd74584065afc1c
                                                                      • Instruction ID: 1fb7bb6ca5008547a7bedc54972005c1b6681a96b200ffce9a3c6eca03b0ed47
                                                                      • Opcode Fuzzy Hash: 69b8ad2768efc01d88fd7f8132853dff404c26667984aa111fd74584065afc1c
                                                                      • Instruction Fuzzy Hash: 4B21CF22E0F2034AFA587334555513AE1524F447E0F864F32E83E27BFAEEACB4018221
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                      • String ID: CONOUT$
                                                                      • API String ID: 3230265001-3130406586
                                                                      • Opcode ID: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                      • Instruction ID: 9b49fa47425af62f293bdc3b6b76db92b8217f5e1286a45095ecf0cf76b4e36c
                                                                      • Opcode Fuzzy Hash: 900c1da012dee1dfb60ea43974335527b3f6c3b56b4e810762f126343bdfd55c
                                                                      • Instruction Fuzzy Hash: A711D621719A41C6F3509B46E85436AB7A0FB48BE4F860234EA5E437A0DFBCD4248B10
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA907
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA93D
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA96A
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA97B
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA98C
                                                                      • SetLastError.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA9A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Value$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 2506987500-0
                                                                      • Opcode ID: 9b225a077f4281318a7ef705813386e144cc6119260bee2e0aedcf55e065e7dc
                                                                      • Instruction ID: 094714f0d5656302f15b55ba7ca6b3e46e64998b9a29ae4773c1d0867c864eff
                                                                      • Opcode Fuzzy Hash: 9b225a077f4281318a7ef705813386e144cc6119260bee2e0aedcf55e065e7dc
                                                                      • Instruction Fuzzy Hash: 9E118E62E0F2034AF6647735595113AE2564F457B0F874B36E82E277FAEEACB4404621
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                      • String ID: csm$f
                                                                      • API String ID: 2395640692-629598281
                                                                      • Opcode ID: e4cc0f9b1589dd73a5d4f416534ce71b9b3e94dd2aede877d85d93aa73312820
                                                                      • Instruction ID: 1f3cd410928f786d26bebffb71ace2f72bc76f173cbc22f800c298f38bed488b
                                                                      • Opcode Fuzzy Hash: e4cc0f9b1589dd73a5d4f416534ce71b9b3e94dd2aede877d85d93aa73312820
                                                                      • Instruction Fuzzy Hash: 9C51C731A0E607C6E724EF25E844A6AB795FF44B88F928930EA4E57758DF78F841C710
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: 78a1a69aac29132cf000f84d0d5f993c26bceca4d1e4e1c3cfa2e89eec15c9a9
                                                                      • Instruction ID: 2c7d178b77e54cd06e99e70d2dd5575f63cd51a1c6cfebc2a750a76fbfedb4c4
                                                                      • Opcode Fuzzy Hash: 78a1a69aac29132cf000f84d0d5f993c26bceca4d1e4e1c3cfa2e89eec15c9a9
                                                                      • Instruction Fuzzy Hash: 64F0A42160E70781FB14AB24E44433AA360EF45760F994635DA6D452F0DF7CD059C720
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID:
                                                                      • API String ID: 1156100317-0
                                                                      • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                      • Instruction ID: a61ab7e3ddfef7993947f84cd1a861545593166b489affc3b43af5734c096617
                                                                      • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                      • Instruction Fuzzy Hash: 63115122D19A2201F7583124F445377B3417F54364FDA063BE66E46EF7CFAC96604B21
                                                                      APIs
                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFA9DF
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFA9FE
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFAA26
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFAA37
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFAA48
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Value
                                                                      • String ID:
                                                                      • API String ID: 3702945584-0
                                                                      • Opcode ID: 7e9f7daeefede5d6cf057412dd821cf39c29068a7a1c9ec5056b211d60d8f6b4
                                                                      • Instruction ID: 0d34eb0bfa98a57a037437e75d6176c8d433dab1f813a0902e9e3eb3b3174e35
                                                                      • Opcode Fuzzy Hash: 7e9f7daeefede5d6cf057412dd821cf39c29068a7a1c9ec5056b211d60d8f6b4
                                                                      • Instruction Fuzzy Hash: 6511D252F0F60349FA587335995113AE1425F407A0F8A5B32D83E277FAEE6CF5018621
                                                                      APIs
                                                                      • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA865
                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA884
                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA8AC
                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA8BD
                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA8CE
                                                                      Similarity
                                                                      • API ID: Value
                                                                      • String ID:
                                                                      • API String ID: 3702945584-0
                                                                      • Opcode ID: beb9e1a05ea758e4ab17276de5b2837cba649d003c822ebdac11e23849688a82
                                                                      • Instruction ID: 5efd20efc5296850051bb42871049d5ee472620afb2a9e060b331497b723cc90
                                                                      • Opcode Fuzzy Hash: beb9e1a05ea758e4ab17276de5b2837cba649d003c822ebdac11e23849688a82
                                                                      • Instruction Fuzzy Hash: 18112152E0F20349FA587375485117AD1564F453B0EDA4F36D83E2A3F6EDACB4418631
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                      • API String ID: 3215553584-1196891531
                                                                      • Opcode ID: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                      • Instruction ID: 293fc3dd89f73f03c9ec8142df3124491b173244bcd4a63a3f3c3c3e82a65f0c
                                                                      • Opcode Fuzzy Hash: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                      • Instruction Fuzzy Hash: 76817033E0E2038DF764AE35C15027DA6A0AF11B44FD74835DA0AA73B5DB2DB9299721
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CallEncodePointerTranslator
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 3544855599-2084237596
                                                                      • Opcode ID: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                      • Instruction ID: 21259876b261b5e62deee886bb36e270fc330fb23cf49f49b6149484f0152c21
                                                                      • Opcode Fuzzy Hash: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                      • Instruction Fuzzy Hash: 7A615933A0AB46CAE720AF65D4403ADB7A0FB44B88F454625EF5D27BA8CB38E155C710
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                      • String ID: csm$csm
                                                                      • API String ID: 3896166516-3733052814
                                                                      • Opcode ID: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                      • Instruction ID: 0c1da04b581f2884887fd6ce59cb5216208997f7dddff8a2da3e7d0503674e2d
                                                                      • Opcode Fuzzy Hash: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                      • Instruction Fuzzy Hash: C7518C3290E283C6EB64AB21984036CB7A0BB45F94F954536DA9C67FA6CF3CF4518710
                                                                      APIs
                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF7A0FE27C9,?,?,?,?,?,?), ref: 00007FF7A0FE2D01
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLastModuleName
                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                      • API String ID: 2776309574-1977442011
                                                                      • Opcode ID: 7987a5ce4ff3c8cba7d8c38c60f2d05ca27952d1a3ea66f3204455115dc1ef10
                                                                      • Instruction ID: f25f036429538a7bf5fb28d3135c03aa4ddd6e000e72864fb92455bdbdaa40af
                                                                      • Opcode Fuzzy Hash: 7987a5ce4ff3c8cba7d8c38c60f2d05ca27952d1a3ea66f3204455115dc1ef10
                                                                      • Instruction Fuzzy Hash: 64015E21B1E647C1FB61B734E8153BAA251AF583C0FC30836E94D963B6EE5CF2148B20
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                      • String ID:
                                                                      • API String ID: 2718003287-0
                                                                      • Opcode ID: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                      • Instruction ID: e76407afcf71fd885b0c2ed64b50d419bf81f8610d2e91e14df376f61eb7da32
                                                                      • Opcode Fuzzy Hash: 47f9f7c1e3185106a498671fedee26090088e719dd8e44b73d57f810765c87d4
                                                                      • Instruction Fuzzy Hash: D4D10273B1AA828DE710DF75D4402ACB7B1FB44B98B854635CE4DA7BA9DE38E016C710
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                      • String ID:
                                                                      • API String ID: 2780335769-0
                                                                      • Opcode ID: 1291a0862dc251a0f1dda952d285f4a36c3dc69b0fb142e3468d3d288eb0a289
                                                                      • Instruction ID: a51699f3814eb14b54e46d3bebec3ebef36825cedb0fefb40d031626f1b039fc
                                                                      • Opcode Fuzzy Hash: 1291a0862dc251a0f1dda952d285f4a36c3dc69b0fb142e3468d3d288eb0a289
                                                                      • Instruction Fuzzy Hash: 75518F23B096428AFB20EF70D4503BE73A1AB44B58F528935DE4D677A9DF78F4818760
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                      • String ID: ?
                                                                      • API String ID: 1286766494-1684325040
                                                                      • Opcode ID: 610c018c2ed3d43a6dc6b39dfd7623f8c002a97b49fdc2d3a9d4eaa2ab755e24
                                                                      • Instruction ID: 9d5baceb8d70e047dd4847cc82184518fbd47d703997f42a55781bf7ea0229f2
                                                                      • Opcode Fuzzy Hash: 610c018c2ed3d43a6dc6b39dfd7623f8c002a97b49fdc2d3a9d4eaa2ab755e24
                                                                      • Instruction Fuzzy Hash: 9E415822A0E28246FB20AB25940137BF750EB80BA4F914235EE5C87BF9DF7CD461CB14
                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A0FF8002
                                                                        • Part of subcall function 00007FF7A0FF9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F8E
                                                                        • Part of subcall function 00007FF7A0FF9F78: GetLastError.KERNEL32(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F98
                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7A0FEA485), ref: 00007FF7A0FF8020
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                      • String ID: C:\Users\user\Desktop\PumpBot.exe
                                                                      • API String ID: 3580290477-104690940
                                                                      • Opcode ID: 87397ab4d942c93eb7ecf5272dbc7224ab3e9c0a5ace0b49458789d652eb9e0d
                                                                      • Instruction ID: e48084457fd9a854f7760e1b44f1e81ede3b0e7fc9adf8a455af0624bab349ca
                                                                      • Opcode Fuzzy Hash: 87397ab4d942c93eb7ecf5272dbc7224ab3e9c0a5ace0b49458789d652eb9e0d
                                                                      • Instruction Fuzzy Hash: 01416137A0EA038AE714AF3199400B9A7A4EF447C4BD64435EA4E53BA5DF3DE4528720
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID: U
                                                                      • API String ID: 442123175-4171548499
                                                                      • Opcode ID: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                      • Instruction ID: e38c3922872d4bb2aee54f9f32913e60f5d2c50cf1af540f86c1d490580096f2
                                                                      • Opcode Fuzzy Hash: 3868b3aae24abb70b6c7ced641cfa87b6d54125405e373b4c87f7bfc476be08b
                                                                      • Instruction Fuzzy Hash: 3041C323A1DA5285EB209F25E4443AAB760FB887D4F824431EE4D97768DF7CE441CB50
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CurrentDirectory
                                                                      • String ID: :
                                                                      • API String ID: 1611563598-336475711
                                                                      • Opcode ID: 299dd2601fabda0eaedb6d74bbca1af16fe573635883c06f79dbd5a665f7b651
                                                                      • Instruction ID: 54966ce0ddd3feba175b5735393dd2e02bf747d1a2addb429e63982cc81d78da
                                                                      • Opcode Fuzzy Hash: 299dd2601fabda0eaedb6d74bbca1af16fe573635883c06f79dbd5a665f7b651
                                                                      • Instruction Fuzzy Hash: BA21F723B1D24285FB20AB25D05426DB3B2FB94B44FC64435D64D533A4CF7CF5458B61
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFileHeaderRaise
                                                                      • String ID: csm
                                                                      • API String ID: 2573137834-1018135373
                                                                      • Opcode ID: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                      • Instruction ID: 63d1362316309a2ae423e63998444ca59cba39d2511bdbb26260581c95df1738
                                                                      • Opcode Fuzzy Hash: ee4cd62d6736e0f26efa3482034fbaa09f2706f16dc7c85cfdea4997af4e44da
                                                                      • Instruction Fuzzy Hash: 37114F32609B4182EB109F25F44026ABBA4FB88B94F594631EE8D07768DF7CD5618B00
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2146716304.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000000.00000002.2146701396.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146742541.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146762742.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2146798872.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                      • String ID: :
                                                                      • API String ID: 2595371189-336475711
                                                                      • Opcode ID: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                      • Instruction ID: 2f87856dfd5d7da467de950ec5c49de9a0bee163f1d9e7137ae971a4d63de0d2
                                                                      • Opcode Fuzzy Hash: 231bdef7d4e4c9a314d514652501e8a1bb3d1d6653b2e53c967e9d93a887682d
                                                                      • Instruction Fuzzy Hash: 09018F62A1D6038AF720BF70946167EA3A0EF44744FC6083AD54DA27A2DF2CF5598B34

                                                                      Execution Graph

                                                                      Execution Coverage:4.3%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:745
                                                                      Total number of Limit Nodes:16
7ff7a0ff6068 11 API calls _get_daylight 29644->29719 29645 7ff7a1005e79 29707 7ff7a0ff6e60 29645->29707 29648 7ff7a1005e66 29720 7ff7a0ff6088 11 API calls _get_daylight 29648->29720 29658 7ff7a1005858 29658->29639 29686 7ff7a0ff6e38 LeaveCriticalSection 29658->29686 29684->29634 29688 7ff7a1005b4c 29687->29688 29695 7ff7a1005b66 29687->29695 29688->29695 29732 7ff7a0ff6088 11 API calls _get_daylight 29688->29732 29690 7ff7a1005b5b 29733 7ff7a0ff9f10 37 API calls _invalid_parameter_noinfo 29690->29733 29692 7ff7a1005c35 29703 7ff7a1005c92 29692->29703 29738 7ff7a0ff57dc 37 API calls 2 library calls 29692->29738 29693 7ff7a1005be4 29693->29692 29736 7ff7a0ff6088 11 API calls _get_daylight 29693->29736 29695->29693 29734 7ff7a0ff6088 11 API calls _get_daylight 29695->29734 29697 7ff7a1005c8e 29700 7ff7a1005d10 29697->29700 29697->29703 29699 7ff7a1005c2a 29737 7ff7a0ff9f10 37 API calls _invalid_parameter_noinfo 29699->29737 29739 7ff7a0ff9f30 17 API calls _wfindfirst32i64 29700->29739 29701 7ff7a1005bd9 29735 7ff7a0ff9f10 37 API calls _invalid_parameter_noinfo 29701->29735 29703->29644 29703->29645 29740 7ff7a0fff808 EnterCriticalSection 29707->29740 29719->29648 29720->29658 29732->29690 29734->29701 29736->29699 29738->29697 29742 7ff7a0ff7acc 29741->29742 29745 7ff7a0ff75a8 29742->29745 29744 7ff7a0ff7ae5 29744->29069 29746 7ff7a0ff75c3 29745->29746 29747 7ff7a0ff75f2 29745->29747 29756 7ff7a0ff9e44 37 API calls 2 library calls 29746->29756 29755 7ff7a0ff438c EnterCriticalSection 29747->29755 29750 7ff7a0ff75e3 29750->29744 29751 7ff7a0ff75f7 29752 7ff7a0ff7614 38 API calls 29751->29752 29753 7ff7a0ff7603 29752->29753 29754 7ff7a0ff4398 _fread_nolock LeaveCriticalSection 29753->29754 29754->29750 29756->29750 29758 7ff7a0fee403 29757->29758 29759 7ff7a0fee431 29757->29759 29768 7ff7a0ff9e44 37 API calls 2 library calls 29758->29768 29761 7ff7a0fee423 29759->29761 29767 7ff7a0ff438c EnterCriticalSection 29759->29767 29761->29075 29763 7ff7a0fee448 29764 7ff7a0fee464 
72 API calls 29763->29764 29765 7ff7a0fee454 29764->29765 29766 7ff7a0ff4398 _fread_nolock LeaveCriticalSection 29765->29766 29766->29761 29768->29761 29769 7ff7a0ff8919 29781 7ff7a0ff9238 29769->29781 29771 7ff7a0ff891e 29772 7ff7a0ff8945 GetModuleHandleW 29771->29772 29773 7ff7a0ff898f 29771->29773 29772->29773 29775 7ff7a0ff8952 29772->29775 29774 7ff7a0ff881c 11 API calls 29773->29774 29776 7ff7a0ff89cb 29774->29776 29775->29773 29780 7ff7a0ff8a40 GetModuleHandleExW GetProcAddress FreeLibrary 29775->29780 29777 7ff7a0ff89d2 29776->29777 29778 7ff7a0ff89e8 11 API calls 29776->29778 29779 7ff7a0ff89e4 29778->29779 29780->29773 29786 7ff7a0ffa780 45 API calls 3 library calls 29781->29786 29783 7ff7a0ff9241 29787 7ff7a0ff936c 45 API calls 2 library calls 29783->29787 29786->29783

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                      • String ID:
                                                                      • API String ID: 1617910340-0
                                                                      • Opcode ID: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                      • Instruction ID: cabf71382365bf184d8244860535987e9305c2f5e8bd34971652b538fc87f96e
                                                                      • Opcode Fuzzy Hash: 52a4378cdb78c32285671ba8c66096e739a338fe2dbd84037285ee5c330aca07
                                                                      • Instruction Fuzzy Hash: C5C1F333B29A4285FB10EF64C4906AD7771FB48B98B864239DE1E977A5CF78E061C710

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                      • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                      • API String ID: 3405171723-4158440160
                                                                      • Opcode ID: 5c49a8cddfaeaf085e12370ff3ee4fae9e2fef66abab006e93af1c3fcbc0697f
                                                                      • Instruction ID: f3b2b437746adf8f79a4e9085ceba0e554a670209a17395f392f15e4b237b199
                                                                      • Opcode Fuzzy Hash: 5c49a8cddfaeaf085e12370ff3ee4fae9e2fef66abab006e93af1c3fcbc0697f
                                                                      • Instruction Fuzzy Hash: C3516972A0E606C6EF14EF39D45027DB3A0FB48B84B928935D90D933A9DE6CE550CB60

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                      • API String ID: 0-3659356012
                                                                      • Opcode ID: 60275b0be8da073a50b86a7777b4e2d23c8ae2bab0a68d0179eb72b20f9ea2b8
                                                                      • Instruction ID: 740288d7a6f258cde2a65b09df276193882e5df21fa283da16f27b5c43a81cd6
                                                                      • Opcode Fuzzy Hash: 60275b0be8da073a50b86a7777b4e2d23c8ae2bab0a68d0179eb72b20f9ea2b8
                                                                      • Instruction Fuzzy Hash: 05417331A0E643C5FE10EB26A8402AAE3A1FB447D0FD64832DA4D57B65EE7CF541C710

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 00007FF7A0FE2CD0: GetModuleFileNameW.KERNEL32(?,00007FF7A0FE27C9,?,?,?,?,?,?), ref: 00007FF7A0FE2D01
                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF7A0FE29D5
                                                                        • Part of subcall function 00007FF7A0FE5AF0: GetEnvironmentVariableW.KERNEL32(00007FF7A0FE2817,?,?,?,?,?,?), ref: 00007FF7A0FE5B2A
                                                                        • Part of subcall function 00007FF7A0FE5AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE5B47
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                      • API String ID: 2344891160-3602715111
                                                                      • Opcode ID: 8a150a9a58d45ff89090a124b7ff524bcda0890e66e432f933d0e899395f739e
                                                                      • Instruction ID: 556024dbc34c0ee8d1bb4e0d7e29e77bd2abc92c444237f0d78aef6c86a688b3
                                                                      • Opcode Fuzzy Hash: 8a150a9a58d45ff89090a124b7ff524bcda0890e66e432f933d0e899395f739e
                                                                      • Instruction Fuzzy Hash: E6C1C721A1E683C5FA60BB3194512FDA350BF44784FC64832EA4D677B6EF6CF6058720

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                      • API String ID: 0-1655038675
                                                                      • Opcode ID: 0f593df15c26aa97bfddcbd1cec8bcaf50387b027b5acb5872475685e06497ee
                                                                      • Instruction ID: a97d040d534db438bebab68bced4857eaa38be83f8eebe72435ab77c63a8cc1b
                                                                      • Opcode Fuzzy Hash: 0f593df15c26aa97bfddcbd1cec8bcaf50387b027b5acb5872475685e06497ee
                                                                      • Instruction Fuzzy Hash: 2151C632A0E643C5EA60BB22A8403BAB390BB84794FC64935DE4D977A5EE3CF455C710

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(?,00000000,?,00007FF7A0FFE2CA,?,?,-00000018,00007FF7A0FFA383,?,?,?,00007FF7A0FFA27A,?,?,?,00007FF7A0FF54E2), ref: 00007FF7A0FFE0AC
                                                                      • GetProcAddress.KERNEL32(?,00000000,?,00007FF7A0FFE2CA,?,?,-00000018,00007FF7A0FFA383,?,?,?,00007FF7A0FFA27A,?,?,?,00007FF7A0FF54E2), ref: 00007FF7A0FFE0B8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: AddressFreeLibraryProc
                                                                      • String ID: api-ms-$ext-ms-
                                                                      • API String ID: 3013587201-537541572
                                                                      • Opcode ID: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                      • Instruction ID: 1c7500e100ee5bbf0150a1dd0151a66337301a0330c1dab55b15992dc5929fad
                                                                      • Opcode Fuzzy Hash: 5d4014bca18f9f9ee9ee76f308e7221266f6712ab36b1d3e30b229e2872ef72f
                                                                      • Instruction Fuzzy Hash: 1D413622B1F60389FB11EB269810676A392BF44BD0F8B4935DD0D673A8EE7CF4458324

                                                                      Control-flow Graph

                                                                      [Control-flow graph not reproduced. Graph starts at 7ff7a0ffb08c; API calls shown in the graph: GetConsoleMode, ReadFile, ReadConsoleW, GetLastError.]
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 5e2fa04a27a554ad5a06cbbe01d601b05b68f3aeb2922c25288f770f6f319bba
                                                                      • Instruction ID: 5463a08a91887a50ee6141645eb6728bde037d314db34532b84ed4c981d69689
                                                                      • Opcode Fuzzy Hash: 5e2fa04a27a554ad5a06cbbe01d601b05b68f3aeb2922c25288f770f6f319bba
                                                                      • Instruction Fuzzy Hash: EBC1F523A0E68789E721AF3594402BEB751EB81B80FD74535DA4E237B1CE7DF8458720

                                                                      Control-flow Graph

                                                                      [Control-flow graph not reproduced. Graph starts at 7ff7a0ffc590; API calls shown in the graph: GetConsoleMode, WriteFile, GetLastError.]
                                                                      APIs
                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7A0FFC57B), ref: 00007FF7A0FFC6AC
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7A0FFC57B), ref: 00007FF7A0FFC737
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleErrorLastMode
                                                                      • String ID:
                                                                      • API String ID: 953036326-0
                                                                      • Opcode ID: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                      • Instruction ID: 832ec93f454a20827ddc5828f4ba714b060c8656d84a89a966b9ee70d3a1a9c4
                                                                      • Opcode Fuzzy Hash: 1ee269c4fb3492fdab786e16ea0be33da994e1b3a3006f3c14cd8905a42bf150
                                                                      • Instruction Fuzzy Hash: 7691C633E0D66389F750AF7585402BDABA0AB44B88F964539DE0E63BA4DF38F445C760

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 1279662727-0
                                                                      • Opcode ID: 6f171c56c4af514848e95b4e04b562bbb562cc25ad397f2cc98f1fee1aaa5281
                                                                      • Instruction ID: 7b4cf955cf47064b45d86a929a05718054c887a9a782bb0d7f586b49600da0fc
                                                                      • Opcode Fuzzy Hash: 6f171c56c4af514848e95b4e04b562bbb562cc25ad397f2cc98f1fee1aaa5281
                                                                      • Instruction Fuzzy Hash: 4841B023D1D7828BE710AB309510369B360FB957A4F519734EB9C13BE5DF6CB5A08720

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 3058843127-0
                                                                      • Opcode ID: 0a8c62a57e2cf59f1561fe537eeb51f2220189f8d74725526a3d26dbeb988a7e
                                                                      • Instruction ID: c58678816773adc8572dea1502ebecdbe9700d085d6e65ea43cb223496a5cdc2
                                                                      • Opcode Fuzzy Hash: 0a8c62a57e2cf59f1561fe537eeb51f2220189f8d74725526a3d26dbeb988a7e
                                                                      • Instruction Fuzzy Hash: 23312C21A0E203C6FA14BB3195513BAA391AF82784FCA4836E60D673F7DE6CF4458671

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: fc68bfbf785dc4e8d02d30f22ac316467e06faf73d836825e3014864920bd8dd
                                                                      • Instruction ID: e58afa806e5413096c3b60ff6178302a5b6c7e66f9f89971266415482ff021cf
                                                                      • Opcode Fuzzy Hash: fc68bfbf785dc4e8d02d30f22ac316467e06faf73d836825e3014864920bd8dd
                                                                      • Instruction Fuzzy Hash: 4ED05E11F0E7039AFB043B30588517AA3119F48700F861838C80F123B3CD7CB46E4A20
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 91f838de0bf1c0634cfb639a0c406c35748c40ae1573d712d08faa75350ec251
                                                                      • Instruction ID: 068edfd8a15634ee4025c715f4c78251d1ef34f81c57ba5f54519f62b7455db1
                                                                      • Opcode Fuzzy Hash: 91f838de0bf1c0634cfb639a0c406c35748c40ae1573d712d08faa75350ec251
                                                                      • Instruction Fuzzy Hash: 5C51E621B0F643C6E768BA35A41067AA191AF44BA4F9A4E34DD7C137EDCE3CF5018620
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID:
                                                                      • API String ID: 442123175-0
                                                                      • Opcode ID: 48497a76b3055afe52661005fd715ce1d46b06a16acad2e21dfde3d81f02aed8
                                                                      • Instruction ID: 95dae4028410357d2fc99f633c4b23797af28d6e50806a2ccb6528d42a47f53f
                                                                      • Opcode Fuzzy Hash: 48497a76b3055afe52661005fd715ce1d46b06a16acad2e21dfde3d81f02aed8
                                                                      • Instruction Fuzzy Hash: 20310833A1DA828AE710AF24E5402D9B764FB08780F864432DB4D83725DF3CE416CB10
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: FileHandleType
                                                                      • String ID:
                                                                      • API String ID: 3000768030-0
                                                                      • Opcode ID: 51d66a3ea3a1e5720d3031fa8d01ef1f6d3b4a26eee4bfd04239a76c9c1293a5
                                                                      • Instruction ID: c8ab889cbf557ce8dee64d8b6bab9c487f281dd83bad44e83d157a8321022d64
                                                                      • Opcode Fuzzy Hash: 51d66a3ea3a1e5720d3031fa8d01ef1f6d3b4a26eee4bfd04239a76c9c1293a5
                                                                      • Instruction Fuzzy Hash: 4E318122A1DB4785E7609B248580179AA50FB45BB0FAA1739DB6E173F4CF38F4A1D310
                                                                      APIs
                                                                      • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF7A0FFB750,00000000,?,?,?,00007FF7A0FE1023,00007FF7A0FFB859), ref: 00007FF7A0FFB7B0
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00007FF7A0FFB750,00000000,?,?,?,00007FF7A0FE1023,00007FF7A0FFB859), ref: 00007FF7A0FFB7BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID:
                                                                      • API String ID: 2976181284-0
                                                                      • Opcode ID: 7196098b30ecd42809471233c9619b7315c9fb41ce716e28bdee8d0b35162eb6
                                                                      • Instruction ID: ce2c76060ca20c109cf52a75ca96723dbe856da5695de0d865951e3ac6113a0d
                                                                      • Opcode Fuzzy Hash: 7196098b30ecd42809471233c9619b7315c9fb41ce716e28bdee8d0b35162eb6
                                                                      • Instruction Fuzzy Hash: 6411B26361DA8385DA10AB35A444069F361AB84BF4F954731EE7D17BE9CE7CE0548740
                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F8E
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F98
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      • Opcode ID: 38b70030576bf13f94cd83556ee530387765cecd0e7570bb2763cadcf4087263
                                                                      • Instruction ID: 3390cfc0aa41ed6c4d80c58cff6af36a246291e23286fcd9c43fb636b25bf55a
                                                                      • Opcode Fuzzy Hash: 38b70030576bf13f94cd83556ee530387765cecd0e7570bb2763cadcf4087263
                                                                      • Instruction Fuzzy Hash: 8BE08651F0F60387FF14BBB15844075E2515F84700BC64434D90EA63B1DE6CB8998730
                                                                      APIs
                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF7A0FFA005,?,?,00000000,00007FF7A0FFA0BA), ref: 00007FF7A0FFA1F6
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A0FFA005,?,?,00000000,00007FF7A0FFA0BA), ref: 00007FF7A0FFA200
                                                                      Similarity
                                                                      • API ID: CloseErrorHandleLast
                                                                      • String ID:
                                                                      • API String ID: 918212764-0
                                                                      • Opcode ID: 6fe57093fbbb00cdf8389479e1e18e52ea82cce6ea34632ee61e1d7ac301845a
                                                                      • Instruction ID: f7b6f67864904d42c8c7961f79971157b68a2f8aac4c15b4abb84a1d20cfcb6c
                                                                      • Opcode Fuzzy Hash: 6fe57093fbbb00cdf8389479e1e18e52ea82cce6ea34632ee61e1d7ac301845a
                                                                      • Instruction Fuzzy Hash: 37212663F1E24348FE50B33098C027AE2819F84BA0F874636DA2E133E6DE6CB4444710
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 3cb10c43647639a768565940e1ce5c449de1869fbc1a92892aa118bde093882e
                                                                      • Instruction ID: 5073d467be95b4380257440a31eedc2bbf81d6638c0b249d5825f81afbf83e9d
                                                                      • Opcode Fuzzy Hash: 3cb10c43647639a768565940e1ce5c449de1869fbc1a92892aa118bde093882e
                                                                      • Instruction Fuzzy Hash: 1A41B53390E2438BEA24AB39E550179F3A0EB55780F991935D68E937E4DF6CF402C761
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _fread_nolock
                                                                      • String ID:
                                                                      • API String ID: 840049012-0
                                                                      • Opcode ID: a855f48cc0c6225f518e529d3fd53bc2cab9077c657b5af2ba78026b03b21181
                                                                      • Instruction ID: 843732166087193c3b4bd479b930939bf04d785a9dc1d593b277d9c581659430
                                                                      • Opcode Fuzzy Hash: a855f48cc0c6225f518e529d3fd53bc2cab9077c657b5af2ba78026b03b21181
                                                                      • Instruction Fuzzy Hash: CF215121B0E69785EA15FB3269043BAE651BF45BD4FCA4830EE0D277A6CE7DF045C214
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 215bf1b77ccde561eed8eea60c34a1d65fc1379a1c4c4c23abd8e86c97fd8e23
                                                                      • Instruction ID: 0f2d716754e0fe45d6c2ce7c67bf32f5d412338b1a4540310b4de1b779e73c7f
                                                                      • Opcode Fuzzy Hash: 215bf1b77ccde561eed8eea60c34a1d65fc1379a1c4c4c23abd8e86c97fd8e23
                                                                      • Instruction Fuzzy Hash: 37318F63A1E60389E7117B75884127DA650AB40B94FD3093AEA2D273F2DE7DF8418770
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                      • String ID:
                                                                      • API String ID: 3947729631-0
                                                                      • Opcode ID: 7474e071a48ef7130f5acd4d7b35ddfbaeb0d66e7037ac086cf5d56d8c80b409
                                                                      • Instruction ID: bc1fc2dcc68eb3ed5005af2896d0d64da5a7f992fb900c706428ee22377883fe
                                                                      • Opcode Fuzzy Hash: 7474e071a48ef7130f5acd4d7b35ddfbaeb0d66e7037ac086cf5d56d8c80b409
                                                                      • Instruction Fuzzy Hash: 3D219132A0A7038DEB24AF74C4402FC77A0EB04718F891A35D65D16BE5DF78E445C755
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                      • Instruction ID: a8e39c0ad3a5b0698e442d1a8dedbb73d4212c6d20efc95fd47c80e04b83a9b8
                                                                      • Opcode Fuzzy Hash: 25f020cec256df429067bb606d051891f0f83e0bb8faa834007163ccabd97c9c
                                                                      • Instruction Fuzzy Hash: B711C223E0E64349EA60FF61951027DE260AF81F80F9A4835EB8C677A6CF3DF4404760
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: e860bb9bc84c29a06dccfc010b7eb52daf61d2c250f48aeb7393b4a8ace16f10
                                                                      • Instruction ID: 1ac43b42f8a601f90f49a0f267b1950a43f1cb6800720d07b62f342ef253a118
                                                                      • Opcode Fuzzy Hash: e860bb9bc84c29a06dccfc010b7eb52daf61d2c250f48aeb7393b4a8ace16f10
                                                                      • Instruction Fuzzy Hash: 4221C532A19A4287E760AF28D44037AB7B0FB84B54F954234EB5D876E5DF7CD4118F10
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 298f7b2a666c55937c0a4044f00fb88544ba948c427ceaa5fd6043e577695ec0
                                                                      • Instruction ID: 3efcb3ce69b49dab7a9395bf4b0d01a3fffb160dc92fb1e0024ea8bafc60127d
                                                                      • Opcode Fuzzy Hash: 298f7b2a666c55937c0a4044f00fb88544ba948c427ceaa5fd6043e577695ec0
                                                                      • Instruction Fuzzy Hash: DD01A522A0D75381EA44BB72A90016DE695AF95FE0F894A31DE5C63BEACE3CF4018710
                                                                      APIs
                                                                        • Part of subcall function 00007FF7A0FE6DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE6DEA
                                                                      • LoadLibraryExW.KERNELBASE(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE6333
                                                                      Similarity
                                                                      • API ID: ByteCharLibraryLoadMultiWide
                                                                      • String ID:
                                                                      • API String ID: 2592636585-0
                                                                      • Opcode ID: d04350a69a5d0de22f0c3fec6e5848decc6b75c02966e6146df087db15ac8417
                                                                      • Instruction ID: c82722e9a93925a8d3566e1c373ba36036c92475108f8c921c6bc08593716dbd
                                                                      • Opcode Fuzzy Hash: d04350a69a5d0de22f0c3fec6e5848decc6b75c02966e6146df087db15ac8417
                                                                      • Instruction Fuzzy Hash: C4E08622B1954682EA18AB77A90547AE251EF48BC0BC99035EE0D47765DD2CE4914B00
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF7A0FFAA16,?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E), ref: 00007FF7A0FFDF0D
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      • Opcode ID: 69550027ed8e3bf035e7bef6798a6f7658c1153be72ca181ca789a5114add420
                                                                      • Instruction ID: 60d25a15de4bb44a908ee8fadc611ec979f646ae0b6a7ab853fa07482e191d90
                                                                      • Opcode Fuzzy Hash: 69550027ed8e3bf035e7bef6798a6f7658c1153be72ca181ca789a5114add420
                                                                      • Instruction Fuzzy Hash: C7F06242B0F20348FF547B7158506B5E2965F55B40FCE4835C90EA63F1DE6CF4968230
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF7A0FEF1E4,?,?,?,00007FF7A0FF06F6,?,?,?,?,?,00007FF7A0FF275D), ref: 00007FF7A0FFCC6A
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      • GetTempPathW.KERNEL32(?,00000000,?,00007FF7A0FE58AD), ref: 00007FF7A0FE597A
                                                                      • GetCurrentProcessId.KERNEL32(?,00007FF7A0FE58AD), ref: 00007FF7A0FE5980
                                                                        • Part of subcall function 00007FF7A0FE5AF0: GetEnvironmentVariableW.KERNEL32(00007FF7A0FE2817,?,?,?,?,?,?), ref: 00007FF7A0FE5B2A
                                                                        • Part of subcall function 00007FF7A0FE5AF0: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE5B47
                                                                        • Part of subcall function 00007FF7A0FF6818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A0FF6831
                                                                      • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7A0FE5A31
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                      • API String ID: 1556224225-1116378104
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 313767242-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 313767242-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 3140674995-0
                                                                      APIs
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A1004EE5
                                                                        • Part of subcall function 00007FF7A1004838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A100484C
                                                                        • Part of subcall function 00007FF7A0FF9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F8E
                                                                        • Part of subcall function 00007FF7A0FF9F78: GetLastError.KERNEL32(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F98
                                                                        • Part of subcall function 00007FF7A0FF9F30: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7A0FF9F0F,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FF9F39
                                                                        • Part of subcall function 00007FF7A0FF9F30: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7A0FF9F0F,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FF9F5E
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A1004ED4
                                                                        • Part of subcall function 00007FF7A1004898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A10048AC
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100514A
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100515B
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100516C
                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7A10053AC), ref: 00007FF7A1005193
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                      • String ID:
                                                                      • API String ID: 4070488512-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2227656907-0
                                                                      APIs
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100514A
                                                                        • Part of subcall function 00007FF7A1004898: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A10048AC
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100515B
                                                                        • Part of subcall function 00007FF7A1004838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A100484C
                                                                      • _get_daylight.LIBCMT ref: 00007FF7A100516C
                                                                        • Part of subcall function 00007FF7A1004868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A100487C
                                                                        • Part of subcall function 00007FF7A0FF9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F8E
                                                                        • Part of subcall function 00007FF7A0FF9F78: GetLastError.KERNEL32(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F98
                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7A10053AC), ref: 00007FF7A1005193
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                      • String ID:
                                                                      • API String ID: 3458911817-0
                                                                      APIs
                                                                      Strings
                                                                      • %d in block, %d after MTF & 1-2 coding, %d+2 syms in use, xrefs: 00007FFDA433BA7E
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Similarity
                                                                      • API ID: memset
                                                                      • String ID: %d in block, %d after MTF & 1-2 coding, %d+2 syms in use
                                                                      • API String ID: 2221118986-3447602032
                                                                      APIs
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2F36
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2F75
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2F9A
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2FBF
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE2FE7
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE300F
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE3037
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE305F
                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7A0FE22DE,?,?,?,?), ref: 00007FF7A0FE3087
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AddressProc
                                                                      • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AddressProc$LibraryLoad
                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                                                      • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: `anonymous namespace'
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DeallocErr_LongStringThread_free_lock$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                                                      • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Err_$Mem_$FreeLongString$Arg_CallocClearDeallocExceptionFormatItemKeywords_Long_Mapping_MatchesMemoryOccurredParseSizeTupleUnsigned
                                                                      • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                                                      • String ID: argument 'data'$contiguous buffer$decompress
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF7A0FE6C2C
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharErrorLastMultiWide
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Buffer_$Arg_BufferContiguousIndexKeywordsLong_Number_Object_ReleaseSsize_tUnpackmemset
                                                                      • String ID: argument 'data'$contiguous buffer$decompress
                                                                      • API String ID: 2593461735-2667845042
                                                                      • Opcode ID: 489b83138cb8064df65243e52b52d077de491c5e396123879a079d1e6a1509c8
                                                                      • Instruction ID: 40e48e15421e2cbc62e940648d1b127a44f02f8b6bfc712027a44da8eb1f3cff
                                                                      • Opcode Fuzzy Hash: 489b83138cb8064df65243e52b52d077de491c5e396123879a079d1e6a1509c8
                                                                      • Instruction Fuzzy Hash: 84417121B5AF4282EA50AB12E8B427963A4FF46B94F449131DE6D077B6DF3CF845C708
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 2943138195-0
                                                                      • Opcode ID: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
                                                                      • Instruction ID: 72e18d5d94b8098a67cf969089f73c17f62bc3307c8ff0a714371ec73b34dbca
                                                                      • Opcode Fuzzy Hash: 63ad456de8db332c0b347e2e514b887ab112aaee213ccda8367cb7f767930e9c
                                                                      • Instruction Fuzzy Hash: 1CF17C72B09B8A9AE710DF65D4A03EC37B1EB06B4CB444032DA4D57B96DFB8D509D348
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
                                                                      • API String ID: 2943138195-2309034085
                                                                      • Opcode ID: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
                                                                      • Instruction ID: 302238d960dbd41f69b653a8869a57225cfcddd68789945a31a6879c79f834ee
                                                                      • Opcode Fuzzy Hash: 767f6b35ed257beddb1ea2fff1390adae3ecab9bc22a75a6672164d643aa4b64
                                                                      • Instruction Fuzzy Hash: 87E16C62F0AA5A94FB149B64C9743BC27A1AF46F44F440136CA0E17F9BDFBCA944C349
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                      • API String ID: 0-666925554
                                                                      • Opcode ID: d8cfd245c2b842eac18b9ec860ab2935fd44da81367d92f488978e2e77dcfbdf
                                                                      • Instruction ID: eb7a6a3adedc0293e9a2355b9cbcf134823dbbb4a0d86bbb805e83dafde25f6d
                                                                      • Opcode Fuzzy Hash: d8cfd245c2b842eac18b9ec860ab2935fd44da81367d92f488978e2e77dcfbdf
                                                                      • Instruction Fuzzy Hash: D7518D71B0E643C1FE20AB22A8106BAA360BB85B94FCA4831DD1D577B5EE7CF1558720
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                      • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                      • API String ID: 4998090-2855260032
                                                                      • Opcode ID: c79bcb34d9950482b5642b7e8b58aabf54e811d274faf88abeec3ee0803c085a
                                                                      • Instruction ID: 34c951fb6fe23c871b6cb8ccc3a4473ff7589764b1697779b4b38b7ac6d21359
                                                                      • Opcode Fuzzy Hash: c79bcb34d9950482b5642b7e8b58aabf54e811d274faf88abeec3ee0803c085a
                                                                      • Instruction Fuzzy Hash: AE41713161D687C2E710EF20E8446AAB361FB84794F854631EA5E577A4DF7CE448CB20
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Frame$BlockEstablisherHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 3436797354-393685449
                                                                      • Opcode ID: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
                                                                      • Instruction ID: d991ec83e7da6142b5b6cab6b6df65fdd74f514006530bec1b971128a79619ff
                                                                      • Opcode Fuzzy Hash: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
                                                                      • Instruction Fuzzy Hash: 43D19032B0978996EB209F65E4603AD77A0FB46F98F000135EE8D57B5ACF78E494C744
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockThread_free_lockTupleType_
                                                                      • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                                                      • API String ID: 3029081906-3984722346
                                                                      • Opcode ID: 273e513f8ca3ad474df13d0bfc6a14d0ce733ae21530f73db41356d7592cbcf5
                                                                      • Instruction ID: a470fe2aefd5a68b0aeb8c3689c1021a3a3ab1bc9e1e658ed13bb1c574650a49
                                                                      • Opcode Fuzzy Hash: 273e513f8ca3ad474df13d0bfc6a14d0ce733ae21530f73db41356d7592cbcf5
                                                                      • Instruction Fuzzy Hash: BC517F72B0AB8289EB608F96E4604B877B6FB44784B500036DE4D23B56EF3EE444C715
                                                                      APIs
                                                                      • PyMapping_Check.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FEBD
                                                                      • PyMapping_GetItemString.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FED7
                                                                      • PyLong_AsUnsignedLongLong.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FEEC
                                                                      • PyErr_Occurred.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FEFF
                                                                      • PyErr_ExceptionMatches.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FF78
                                                                      • PyErr_Format.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FFC1
                                                                      • PyErr_SetString.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FFDA
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA372558A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                                                      • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                                                      • API String ID: 1881886752-3390802605
                                                                      • Opcode ID: 77fa6589d453a4eb9c8da71517d291aae4064159501b0829a824121003cb23a9
                                                                      • Instruction ID: d63c90ea8525a5abcea25482e3567aa63dad3276b2538e992725a4dbfd617cbe
                                                                      • Opcode Fuzzy Hash: 77fa6589d453a4eb9c8da71517d291aae4064159501b0829a824121003cb23a9
                                                                      • Instruction Fuzzy Hash: BE411176B0AA43C1EB648F55A96423873E6FF46B80F448132DA4D663A3DE7EE445C309
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
                                                                      • String ID: _decode_filter_properties$argument 2$contiguous buffer
                                                                      • API String ID: 3656606796-2431706548
                                                                      • Opcode ID: 1f865104b5ec56abf7b835cf86625fbb744c1fda0ac40d1280ec3478d8359bd7
                                                                      • Instruction ID: ade4e32d3c3e3de137a0c43607328ddffcad99063c1c6dbc715d63f81034c3a3
                                                                      • Opcode Fuzzy Hash: 1f865104b5ec56abf7b835cf86625fbb744c1fda0ac40d1280ec3478d8359bd7
                                                                      • Instruction Fuzzy Hash: F131F561B09A8281EB108F61E8642B973B2FF84FC4F484131EA0D23766DF3EE945C745
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$MemoryString
                                                                      • String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
                                                                      • API String ID: 60457842-2177155514
                                                                      • Opcode ID: 13fc9c28bf94d51711e54dbc170eec9cd0b93583607eeb6d5ead681ff5ce391a
                                                                      • Instruction ID: 652ea9c7db67a306742257b76b7ae712bfc09785c51c4b35d5d5306c0972f512
                                                                      • Opcode Fuzzy Hash: 13fc9c28bf94d51711e54dbc170eec9cd0b93583607eeb6d5ead681ff5ce391a
                                                                      • Instruction Fuzzy Hash: 1D216D62F2EA53A0E9788F98957563872A3AF4A340F506035CD0E257F7CE1FF944E609
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 349153199-0
                                                                      • Opcode ID: d65b745de3d487d9cb33355ea61edba222a1b326d57eea3f9f63b2389da7bb84
                                                                      • Instruction ID: 4e021f51129ad68f0f6d97ee3009310e7ef510654021b0bcdc93c25f53dd6bca
                                                                      • Opcode Fuzzy Hash: d65b745de3d487d9cb33355ea61edba222a1b326d57eea3f9f63b2389da7bb84
                                                                      • Instruction Fuzzy Hash: A881E161F0E64346FA649BE594712797293AF49B80F084039FA4C77397DF3EE805870A
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 349153199-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Mem_memmove$Eval_Thread$Bytes_DeallocFreeFromMallocModuleReallocRestoreSaveSizeStateStringType_
                                                                      • String ID:
                                                                      • API String ID: 2269716368-0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                      • API String ID: 0-3207858774
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+$Name::operator+=
                                                                      • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                      • API String ID: 179159573-1464470183
                                                                      APIs
                                                                      • GetLastError.KERNEL32(WideCharToMultiByte,00007FF7A0FE1CE4,?,?,00000000,00007FF7A0FE6904), ref: 00007FF7A0FE6697
                                                                      • FormatMessageW.KERNEL32 ref: 00007FF7A0FE66C6
                                                                      • WideCharToMultiByte.KERNEL32 ref: 00007FF7A0FE671C
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                      • API String ID: 2383786077-2573406579
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 2943138195-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Mem_memmove$Bytes_DeallocFromMallocReallocSizeString
                                                                      • String ID:
                                                                      • API String ID: 1285943476-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: f$f$p$p$f
                                                                      • API String ID: 3215553584-1325933183
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 211107550-393685449
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$RestoreSaveThread_acquire_lock__acrt_iob_func
                                                                      • String ID: %d work, %d block, ratio %5.2f$ too repetitive; using fallback sorting algorithm$VUUU
                                                                      • API String ID: 1485238034-2988393112
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                      • API String ID: 2943138195-2239912363
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                      • String ID: CreateProcessW$Error creating child process!
                                                                      • API String ID: 2895956056-3524285272
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: String$Bytes_Err_FromSizeThread_allocate_lockThread_free_lock
                                                                      • String ID: Unable to allocate lock
                                                                      • API String ID: 1127547223-3516605728
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                      • String ID: argument$compress$contiguous buffer
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                      • String ID: argument$compress$contiguous buffer
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                      • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Name::operator+$Name::operator+=
                                                                      • String ID: {for
                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE685F
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE68AF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                      APIs
                                                                      • PyBytes_FromStringAndSize.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3721D83
                                                                      • memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3721DCB
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3721DE2
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3721E24
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Dealloc$Bytes_FromSizeStringmemmove
                                                                      • String ID: Unable to allocate output buffer.
                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FFDA5466A6B,?,?,00000000,00007FFDA546689C,?,?,?,?,00007FFDA54665E5), ref: 00007FFDA5466931
                                                                      • GetLastError.KERNEL32(?,?,?,00007FFDA5466A6B,?,?,00000000,00007FFDA546689C,?,?,?,?,00007FFDA54665E5), ref: 00007FFDA546693F
                                                                      • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDA5466A6B,?,?,00000000,00007FFDA546689C,?,?,?,?,00007FFDA54665E5), ref: 00007FFDA5466958
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FFDA5466A6B,?,?,00000000,00007FFDA546689C,?,?,?,?,00007FFDA54665E5), ref: 00007FFDA546696A
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FFDA5466A6B,?,?,00000000,00007FFDA546689C,?,?,?,?,00007FFDA54665E5), ref: 00007FFDA54669B0
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FFDA5466A6B,?,?,00000000,00007FFDA546689C,?,?,?,?,00007FFDA54665E5), ref: 00007FFDA54669BC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                      • String ID: api-ms-
                                                                      APIs
                                                                      • PyErr_SetString.PYTHON310(?,?,?,00007FFDA3724795,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3725CF4
                                                                      • PyBytes_FromStringAndSize.PYTHON310(?,?,?,00007FFDA3724795,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3725D57
                                                                      • PyList_Append.PYTHON310(?,?,?,00007FFDA3724795,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3725D6B
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFDA3724795,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3725D8A
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFDA3724795,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3725D9D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                      • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                      • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF7A0FE2D35,?,?,?,?,?,?), ref: 00007FF7A0FE6F01
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF7A0FE2D35,?,?,?,?,?,?), ref: 00007FF7A0FE6F75
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                      • API String ID: 1717984340-27947307
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                                                      • String ID: Already at end of stream
                                                                      • API String ID: 2195683152-1334556646
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lockmemmove
                                                                      • String ID: End of stream already reached
                                                                      • API String ID: 4192957916-3466344095
                                                                      APIs
                                                                      • PyThread_acquire_lock.PYTHON310(?,?,?,00007FFDA37182CA), ref: 00007FFDA3718DC6
                                                                      • PyThread_release_lock.PYTHON310(?,?,?,00007FFDA37182CA), ref: 00007FFDA3718DF8
                                                                      • PyErr_SetString.PYTHON310(?,?,?,00007FFDA37182CA), ref: 00007FFDA3718E28
                                                                        • Part of subcall function 00007FFDA37182F8: PyType_GetModuleState.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA3718333
                                                                        • Part of subcall function 00007FFDA37182F8: PyBytes_FromStringAndSize.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA3718347
                                                                        • Part of subcall function 00007FFDA37182F8: PyList_New.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA371835D
                                                                        • Part of subcall function 00007FFDA37182F8: PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA37183AB
                                                                        • Part of subcall function 00007FFDA37182F8: PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA37183C5
                                                                      • PyEval_SaveThread.PYTHON310(?,?,?,00007FFDA37182CA), ref: 00007FFDA3724960
                                                                      • PyThread_acquire_lock.PYTHON310(?,?,?,00007FFDA37182CA), ref: 00007FFDA3724975
                                                                      • PyEval_RestoreThread.PYTHON310(?,?,?,00007FFDA37182CA), ref: 00007FFDA372497E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                      • String ID: Compressor has been flushed
                                                                      • API String ID: 3871537485-3904734015
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lock
                                                                      • String ID: Compressor has been flushed
                                                                      • API String ID: 1906554297-3904734015
                                                                      APIs
                                                                      • PyThread_acquire_lock.PYTHON310 ref: 00007FFDA37227FD
                                                                      • PyThread_release_lock.PYTHON310 ref: 00007FFDA372283A
                                                                      • PyErr_SetString.PYTHON310 ref: 00007FFDA3722864
                                                                        • Part of subcall function 00007FFDA37182F8: PyType_GetModuleState.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA3718333
                                                                        • Part of subcall function 00007FFDA37182F8: PyBytes_FromStringAndSize.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA3718347
                                                                        • Part of subcall function 00007FFDA37182F8: PyList_New.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA371835D
                                                                        • Part of subcall function 00007FFDA37182F8: PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA37183AB
                                                                        • Part of subcall function 00007FFDA37182F8: PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA37183C5
                                                                      • PyEval_SaveThread.PYTHON310 ref: 00007FFDA3725B44
                                                                      • PyThread_acquire_lock.PYTHON310 ref: 00007FFDA3725B59
                                                                      • PyEval_RestoreThread.PYTHON310 ref: 00007FFDA3725B62
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                      • String ID: Repeated call to flush()
                                                                      • API String ID: 3871537485-194442007
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_SizeThread_release_lock
                                                                      • String ID: Repeated call to flush()
                                                                      • API String ID: 3236580226-194442007
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: abort$AdjustPointer
                                                                      • String ID:
                                                                      • API String ID: 1501936508-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: abort$AdjustPointer
                                                                      • String ID:
                                                                      • API String ID: 1501936508-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: f$p$p
                                                                      • API String ID: 3215553584-1995029353
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: FileHeader_local_unwind
                                                                      • String ID: MOC$RCC$csm$csm
                                                                      • API String ID: 2627209546-1441736206
                                                                      APIs
                                                                      • PyType_GetModuleState.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA3718333
                                                                      • PyBytes_FromStringAndSize.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA3718347
                                                                      • PyList_New.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA371835D
                                                                      • PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA37183AB
                                                                      • PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA37183C5
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA37247D7
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFDA3718DEE,?,?,?,00007FFDA37182CA), ref: 00007FFDA3724821
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                                                      • String ID:
                                                                      • API String ID: 2831925710-0
                                                                      • Opcode ID: 77ec36d3afde461cf6a5189d8a5a3cb1abec550234130b40077411850f97c0dc
                                                                      • Instruction ID: eda47b08bb67e6c674a47f67f774af277196d13e3838bd45dbc8df3de72cf90a
                                                                      • Opcode Fuzzy Hash: 77ec36d3afde461cf6a5189d8a5a3cb1abec550234130b40077411850f97c0dc
                                                                      • Instruction Fuzzy Hash: BA419122F0AB9296EA249F55E56013973A5FF48B60F580235DE5D237E2EF3EE450C309
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                      • API String ID: 626452242-876015163
                                                                      • Opcode ID: 9c6e19a5a84aeb67727d60a37d4bc604be489eb4fd0075111d56c9fa607bfdf6
                                                                      • Instruction ID: 93cf522844e28c3f99538b463e2291c0075f913f8895167438c805dc14e63813
                                                                      • Opcode Fuzzy Hash: 9c6e19a5a84aeb67727d60a37d4bc604be489eb4fd0075111d56c9fa607bfdf6
                                                                      • Instruction Fuzzy Hash: 30415E32A0EB83C6E620EF25A84016AB6A5FB84790F964535EA4D57BB4DF3CE452C710
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Bytes_FromSizeStringmemmove
                                                                      • String ID: Unable to allocate output buffer.
                                                                      • API String ID: 3327154725-2565006440
                                                                      • Opcode ID: cf69bc1c2dffb572901609e84d9544dd0b091b7afe16062cab03c015a5b89929
                                                                      • Instruction ID: bb50e6df7cfc4afc28b9043a86ddb6f9130e451af32e93882cd3b937609e930f
                                                                      • Opcode Fuzzy Hash: cf69bc1c2dffb572901609e84d9544dd0b091b7afe16062cab03c015a5b89929
                                                                      • Instruction Fuzzy Hash: 9D4115A2B4AE46C1EA55AF16D9B426D63A0FF4AF94F184432DE0E07776CF3CE4558308
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: NameName::atol
                                                                      • String ID: `template-parameter$void
                                                                      • API String ID: 2130343216-4057429177
                                                                      • Opcode ID: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
                                                                      • Instruction ID: f716fc6f0102d561fccd55210ae44d0391a27e65b163af6ce89cf0e0160f15ac
                                                                      • Opcode Fuzzy Hash: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
                                                                      • Instruction Fuzzy Hash: 7B411B22F0AB5A88FB109BA5D8653BC2371BB0AB84F545136DE0D17B5ADFBCA505C344
                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC2CD
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC2DB
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC305
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC34B
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7A0FEC4FA,?,?,?,00007FF7A0FEC1EC,?,?,00000001,00007FF7A0FEBE09), ref: 00007FF7A0FEC357
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                      • String ID: api-ms-
                                                                      • API String ID: 2559590344-2084034818
                                                                      • Opcode ID: 9ce77a0163c425c367fd7c26c9c82fe5a817cd2dfec158d19dd861a4531b58f3
                                                                      • Instruction ID: 182f602713a5d4a495b2c887e662605aa1106808852997e7545fe454b59de3af
                                                                      • Opcode Fuzzy Hash: 9ce77a0163c425c367fd7c26c9c82fe5a817cd2dfec158d19dd861a4531b58f3
                                                                      • Instruction Fuzzy Hash: F331D221A0F603C5FE51EB22A400679B394FF08BA0F8A8935EE1D56364EF3CF0468764
                                                                      APIs
                                                                        • Part of subcall function 00007FF7A0FE6DB0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE6DEA
                                                                      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7A0FE592F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7A0FE563F
                                                                      Strings
                                                                      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7A0FE5653
                                                                      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7A0FE5616
                                                                      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7A0FE569A
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                      • API String ID: 2001182103-3498232454
                                                                      • Opcode ID: 9bebef7b456891e8881b47775a8e19f061b21e2c6f05d606d7cbdaea43ced74d
                                                                      • Instruction ID: 45303cd5b6fe38ab36463e0350fe55557fe3b0614eb00d994b8378dbb345b133
                                                                      • Opcode Fuzzy Hash: 9bebef7b456891e8881b47775a8e19f061b21e2c6f05d606d7cbdaea43ced74d
                                                                      • Instruction Fuzzy Hash: EE319551F1E787C0FA20F73599552BAE251AF987C0FC64835DA4E627B6EE6CF1048620
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                      • API String ID: 2943138195-2211150622
                                                                      • Opcode ID: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
                                                                      • Instruction ID: 4d68616a1f7b320d1911ca5c7517fec61e325731c0904321ba0f4373a0704732
                                                                      • Opcode Fuzzy Hash: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
                                                                      • Instruction Fuzzy Hash: 51414972F0AB4A98FB118B24D8603AC37E5BB0AB08F444131DA4D27B56DFBCA544C748
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: char $int $long $short $unsigned
                                                                      • API String ID: 2943138195-3894466517
                                                                      • Opcode ID: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
                                                                      • Instruction ID: 7d8c138f5fe01109428cc35fb1c39e1d9b603e7d3767adac1e76a1246a3a8d28
                                                                      • Opcode Fuzzy Hash: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
                                                                      • Instruction Fuzzy Hash: 4D416F31F1AB5AC9F7118F65D8643BC37A1BB06B44F448036DA0C56F5ADFA89584D708
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE6DEA
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A0FE6E70
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                      • API String ID: 1717984340-876015163
                                                                      • Opcode ID: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                      • Instruction ID: 9e23e5d207b52d7c345b156b0d306be23436765d22af0750b3233c9b118a1b45
                                                                      • Opcode Fuzzy Hash: 7f54e5da8ee4cb54e1cd0e604769d215f15cea2374718bc11fd99751b49c0007
                                                                      • Instruction Fuzzy Hash: 65218525B0DA4281EB20EB29F90016AF761FB847C4F994531DB4C93BB9EE6CE5618B10
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA78F
                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA7A4
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA7C5
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA7F2
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA803
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA814
                                                                      • SetLastError.KERNEL32(?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F,?,?,?,00007FF7A0FF9473), ref: 00007FF7A0FFA82F
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Value$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 2506987500-0
                                                                      • Opcode ID: c556bcea9941d530c195de90c7ce9b2392d0a01d085d118c12b8cb389224617b
                                                                      • Instruction ID: 1fb7bb6ca5008547a7bedc54972005c1b6681a96b200ffce9a3c6eca03b0ed47
                                                                      • Opcode Fuzzy Hash: c556bcea9941d530c195de90c7ce9b2392d0a01d085d118c12b8cb389224617b
                                                                      • Instruction Fuzzy Hash: 4B21CF22E0F2034AFA587334555513AE1524F447E0F864F32E83E27BFAEEACB4018221
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                      • String ID: CONOUT$
                                                                      • API String ID: 3230265001-3130406586
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                      • String ID: Invalid filter specifier for delta filter$|OO&
                                                                      • API String ID: 3027669873-2010576982
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                      • String ID: Invalid filter specifier for BCJ filter$|OO&
                                                                      • API String ID: 3027669873-3728029529
                                                                      APIs
                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFDA433C5B5
                                                                        • Part of subcall function 00007FFDA433C564: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00007FFDA433AF32), ref: 00007FFDA433C59A
                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFDA433C5E1
                                                                      • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA433C5FB
                                                                      Strings
                                                                      • 1.0.8, 13-Jul-2019, xrefs: 00007FFDA433C5BB
                                                                      • *** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac, xrefs: 00007FFDA433C5EA
                                                                      • bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth, xrefs: 00007FFDA433C5C8
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: __acrt_iob_func$__stdio_common_vfprintfexit
                                                                      • String ID: bzip2/libbzip2: internal error number %d.This is a bug in bzip2/libbzip2, %s.Please report it to: bzip2-devel@sourceware.org. If this happenedwhen you were using some program which uses libbzip2 as acomponent, you should also report this bug to the auth$*** A special note about internal error number 1007 ***Experience suggests that a common cause of i.e. 1007is unreliable memory or other hardware. The 1007 assertionjust happens to cross-check the results of huge numbers ofmemory reads/writes, and so ac$1.0.8, 13-Jul-2019
                                                                      • API String ID: 77255540-989448446
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocEval_Thread$Bytes_FromList_RestoreSaveSizeString
                                                                      • String ID:
                                                                      • API String ID: 722544280-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                      • String ID:
                                                                      • API String ID: 3741236498-0
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA907
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA93D
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA96A
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA97B
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA98C
                                                                      • SetLastError.KERNEL32(?,?,?,00007FF7A0FF6091,?,?,?,?,00007FF7A0FFDF1F,?,?,00000000,00007FF7A0FFAA16,?,?,?), ref: 00007FF7A0FFA9A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Value$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 2506987500-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: abort$CallEncodePointerTranslator
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 2889003569-2084237596
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                      • API String ID: 2943138195-757766384
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: abort$CallEncodePointerTranslator
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 2889003569-2084237596
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                      • String ID: csm$f
                                                                      • API String ID: 2395640692-629598281
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: combined CRCs: stored = 0x%08x, computed = 0x%08x$ {0x%08x, 0x%08x}
                                                                      • API String ID: 0-2474432645
                                                                      APIs
                                                                      • PySequence_Size.PYTHON310(00000000,00007FFD9461A7F8,00000000,00007FFDA371FD64), ref: 00007FFDA371FDDC
                                                                      • PySequence_GetItem.PYTHON310 ref: 00007FFDA371FE0F
                                                                        • Part of subcall function 00007FFDA371FE98: PyMapping_Check.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FEBD
                                                                        • Part of subcall function 00007FFDA371FE98: PyMapping_GetItemString.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FED7
                                                                        • Part of subcall function 00007FFDA371FE98: PyLong_AsUnsignedLongLong.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FEEC
                                                                        • Part of subcall function 00007FFDA371FE98: PyErr_Occurred.PYTHON310(?,?,?,?,?,?,?,00007FFDA371FE2B), ref: 00007FFDA371FEFF
                                                                      • PyErr_Format.PYTHON310 ref: 00007FFDA3725559
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                                                      • String ID: Too many filters - liblzma supports a maximum of %d
                                                                      • API String ID: 1062705235-2617632755
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$FormatOccurred
                                                                      • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                                                      • API String ID: 4038069558-4068623215
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_$CheckErr_KeywordsLong_OccurredPositional
                                                                      • String ID: BZ2Compressor
                                                                      • API String ID: 1699739194-1096114097
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_StringThread_allocate_lockThread_free_lockmemset
                                                                      • String ID: Unable to allocate lock$compresslevel must be between 1 and 9
                                                                      • API String ID: 681419693-2500606449
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: NameName::$Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 826178784-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID:
                                                                      • API String ID: 1156100317-0
                                                                      APIs
                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFA9DF
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFA9FE
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFAA26
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFAA37
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7A0FF9BD3,?,?,00000000,00007FF7A0FF9E6E,?,?,?,?,?,00007FF7A0FF1A40), ref: 00007FF7A0FFAA48
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Value
                                                                      • String ID:
                                                                      • API String ID: 3702945584-0
                                                                      APIs
                                                                      • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA865
                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA884
                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA8AC
                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA8BD
                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF7A10024B3,?,?,?,00007FF7A0FFCCEC,?,?,00000000,00007FF7A0FF386F), ref: 00007FF7A0FFA8CE
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Value
                                                                      • String ID:
                                                                      • API String ID: 3702945584-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Module_State
                                                                      • String ID:
                                                                      • API String ID: 3434497292-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Module_$FromModuleSpecTypeType_$State
                                                                      • String ID:
                                                                      • API String ID: 1138651315-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                      • API String ID: 3215553584-1196891531
                                                                      • Opcode ID: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                      • Instruction ID: 293fc3dd89f73f03c9ec8142df3124491b173244bcd4a63a3f3c3c3e82a65f0c
                                                                      • Opcode Fuzzy Hash: fa9c2c0b9e0b51f4f192ae3b8b8b95ed4a793ff286fdede4dba764f85164dfb1
                                                                      • Instruction Fuzzy Hash: 76817033E0E2038DF764AE35C15027DA6A0AF11B44FD74835DA0AA73B5DB2DB9299721
                                                                      APIs
                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFDA433B183
                                                                        • Part of subcall function 00007FFDA4331C74: PyEval_SaveThread.PYTHON310 ref: 00007FFDA433B030
                                                                        • Part of subcall function 00007FFDA4331C74: PyThread_acquire_lock.PYTHON310 ref: 00007FFDA433B042
                                                                        • Part of subcall function 00007FFDA4331C74: PyEval_RestoreThread.PYTHON310 ref: 00007FFDA433B04B
                                                                      • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFDA433B1B1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146054039.00007FFDA4330000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146090661.00007FFDA433D000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146106371.00007FFDA4341000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000003.00000002.2146130857.00007FFDA4342000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda4330000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread__acrt_iob_func$RestoreSaveThread_acquire_lock
                                                                      • String ID: block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d$ final combined CRC = 0x%08x
                                                                      • API String ID: 2684710491-3357347091
                                                                      • Opcode ID: 382503e6d07fa29af9c2001fa126e6585d8c0395ce74b08492959c5d070d1b08
                                                                      • Instruction ID: fafd88031a294fb49fd7f801eeed6dab77d5d5e6720abacfce8cf8b3215958cc
                                                                      • Opcode Fuzzy Hash: 382503e6d07fa29af9c2001fa126e6585d8c0395ce74b08492959c5d070d1b08
                                                                      • Instruction Fuzzy Hash: 9E619636B9AA1246E650BF1A94B52B92354EB87F84F189035DD0A0B7B7CF7DF4028B44
                                                                      APIs
                                                                        • Part of subcall function 00007FFDA5466710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFDA546239E), ref: 00007FFDA546671E
                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA54641C3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: abort
                                                                      • String ID: $csm$csm
                                                                      • API String ID: 4206212132-1512788406
                                                                      • Opcode ID: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
                                                                      • Instruction ID: 6adaeda8dae94794378be19690a9132af29e4418ae622acc7f0fdce51fe10912
                                                                      • Opcode Fuzzy Hash: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
                                                                      • Instruction Fuzzy Hash: 0371B172A0A69986DB648F2194A47B97BA0FB06FC8F148135DF8C07F8ADB6CD491C744
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: CallEncodePointerTranslator
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 3544855599-2084237596
                                                                      • Opcode ID: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                      • Instruction ID: 21259876b261b5e62deee886bb36e270fc330fb23cf49f49b6149484f0152c21
                                                                      • Opcode Fuzzy Hash: f09742bcba9082defbae069630545238114b431a0e4fd7be58dd8469a5d7fef1
                                                                      • Instruction Fuzzy Hash: 7A615933A0AB46CAE720AF65D4403ADB7A0FB44B88F454625EF5D27BA8CB38E155C710
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                      • String ID: csm$csm
                                                                      • API String ID: 3896166516-3733052814
                                                                      • Opcode ID: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                      • Instruction ID: 0c1da04b581f2884887fd6ce59cb5216208997f7dddff8a2da3e7d0503674e2d
                                                                      • Opcode Fuzzy Hash: a3990994d2fbb822c09bdc2a35b5fa2b647080e9aebb1a5b00e12dffe7bfe986
                                                                      • Instruction Fuzzy Hash: C7518C3290E283C6EB64AB21984036CB7A0BB45F94F954536DA9C67FA6CF3CF4518710
                                                                      APIs
                                                                        • Part of subcall function 00007FFDA5466710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFDA546239E), ref: 00007FFDA546671E
                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA5463F13
                                                                      • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFDA5463F23
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                      • String ID: csm$csm
                                                                      • API String ID: 4108983575-3733052814
                                                                      • Opcode ID: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
                                                                      • Instruction ID: 305bccc6911828c4665e0cd56485b070420f8f68347ae164a7ddd7ab7035b7e7
                                                                      • Opcode Fuzzy Hash: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
                                                                      • Instruction Fuzzy Hash: 3D518E32A096CA86EB648F11A46436976A0FB52F94F144136DB8D47FD6CFBCE850C708
                                                                      APIs
                                                                      • PyDict_New.PYTHON310(?,?,?,00007FFDA3722BA2,?,?,?,?,00000000,00007FFDA3722B2D), ref: 00007FFDA3722BD1
                                                                        • Part of subcall function 00007FFDA3722CE8: PyLong_FromUnsignedLongLong.PYTHON310(?,?,?,00007FFDA3722BF5,?,?,?,00007FFDA3722BA2,?,?,?,?,00000000,00007FFDA3722B2D), ref: 00007FFDA3722D00
                                                                        • Part of subcall function 00007FFDA3722CE8: _PyDict_SetItemId.PYTHON310(?,?,?,00007FFDA3722BF5,?,?,?,00007FFDA3722BA2,?,?,?,?,00000000,00007FFDA3722B2D), ref: 00007FFDA3722D17
                                                                      • PyErr_Format.PYTHON310(?,?,?,00007FFDA3722BA2,?,?,?,?,00000000,00007FFDA3722B2D), ref: 00007FFDA3725BC8
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFDA3722BA2,?,?,?,?,00000000,00007FFDA3722B2D), ref: 00007FFDA3725BDB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Dict_Long$DeallocErr_FormatFromItemLong_Unsigned
                                                                      • String ID: Invalid filter ID: %llu
                                                                      • API String ID: 4092983888-255534617
                                                                      • Opcode ID: 8f5b9eac6430042713238dc8d6d55762490297ac884d9980a6975d972c2af954
                                                                      • Instruction ID: 492cbc6be4dc33c98041d198b12c18f175b06a1d6b38f8d449f58592f5f402a4
                                                                      • Opcode Fuzzy Hash: 8f5b9eac6430042713238dc8d6d55762490297ac884d9980a6975d972c2af954
                                                                      • Instruction Fuzzy Hash: 8C418331B0AB4390EB684B55E96007833A2FB05794F145132E61D173A2DF7EE8A4C70A
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: NameName::
                                                                      • String ID: %lf
                                                                      • API String ID: 1333004437-2891890143
                                                                      • Opcode ID: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
                                                                      • Instruction ID: d54e88be661be834cefa9f004cebc992f801032c308d9ec8a363ddf8097271c3
                                                                      • Opcode Fuzzy Hash: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
                                                                      • Instruction Fuzzy Hash: B4318122B0DB8A85EA60CB25A86037A7761FB86F84F448131E99E47B47CF7CD502D744
                                                                      APIs
                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF7A0FE27C9,?,?,?,?,?,?), ref: 00007FF7A0FE2D01
                                                                        • Part of subcall function 00007FF7A0FE1CB0: GetLastError.KERNEL32(?,?,00000000,00007FF7A0FE6904,?,?,?,?,?,?,?,?,?,?,?,00007FF7A0FE1023), ref: 00007FF7A0FE1CD7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145281819.00007FF7A0FE0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145322816.00007FF7A100A000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A101D000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A1020000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145344091.00007FF7A102C000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000003.00000002.2145396856.00007FF7A102E000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ff7a0fe0000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastModuleName
                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                      • API String ID: 2776309574-1977442011
                                                                      • Opcode ID: fa74f7d49a5bba7cfca93e60cd70646f34d32484488c9266ff3ae070a385e0ea
                                                                      • Instruction ID: f25f036429538a7bf5fb28d3135c03aa4ddd6e000e72864fb92455bdbdaa40af
                                                                      • Opcode Fuzzy Hash: fa74f7d49a5bba7cfca93e60cd70646f34d32484488c9266ff3ae070a385e0ea
                                                                      • Instruction Fuzzy Hash: 64015E21B1E647C1FB61B734E8153BAA251AF583C0FC30836E94D963B6EE5CF2148B20
                                                                      APIs
                                                                        • Part of subcall function 00007FFDA5466710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFDA546239E), ref: 00007FFDA546671E
                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA546243E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: abortterminate
                                                                      • String ID: MOC$RCC$csm
                                                                      • API String ID: 661698970-2671469338
                                                                      • Opcode ID: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
                                                                      • Instruction ID: 5e75284bebd910e0307b3787716a94ffa1fbe9f1e2611a38833b406b4f71fea2
                                                                      • Opcode Fuzzy Hash: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
                                                                      • Instruction Fuzzy Hash: 9BF0AF36A1964B81EB505F20E191368B260FB49F45F085031E74807B53CFBCD8A0CB86
                                                                      APIs
                                                                      • PyLong_AsUnsignedLongLong.PYTHON310(?,?,00000006,00007FFDA3720034), ref: 00007FFDA37211AD
                                                                      • PyErr_Occurred.PYTHON310(?,?,00000006,00007FFDA3720034), ref: 00007FFDA37211B6
                                                                      • PyErr_SetString.PYTHON310(?,?,00000006,00007FFDA3720034), ref: 00007FFDA37258B1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                      • String ID: Value too large for uint32_t type
                                                                      • API String ID: 944333170-1712686559
                                                                      • Opcode ID: 28cdf5b0aaa2f50018d7e2c7f48cd2403fc73865e104ec8bb289c5ea8e4b5ac1
                                                                      • Instruction ID: 20e65c980ebb0702e8ea40e9646c610801d32bca331854db00cd84dea7fbb5e0
                                                                      • Opcode Fuzzy Hash: 28cdf5b0aaa2f50018d7e2c7f48cd2403fc73865e104ec8bb289c5ea8e4b5ac1
                                                                      • Instruction Fuzzy Hash: 6FF08260F1E64785EB104F95F5A013533A2BF48B84F144035D90D56317DE3EE4448709
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      • Associated: 00000003.00000002.2145940840.00007FFDA3710000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA3727000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2145981819.00007FFDA372B000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146017907.00007FFDA3733000.00000004.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000003.00000002.2146036278.00007FFDA3734000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda3710000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                      • String ID: Value too large for lzma_mode type
                                                                      • API String ID: 944333170-1290617251
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                      • String ID: Value too large for lzma_match_finder type
                                                                      • API String ID: 944333170-1161044407
                                                                      APIs
                                                                      • __C_specific_handler.LIBVCRUNTIME ref: 00007FFDA546E9F0
                                                                        • Part of subcall function 00007FFDA546EC30: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFDA546ECF0
                                                                        • Part of subcall function 00007FFDA546EC30: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FFDA546E9F5), ref: 00007FFDA546ED3F
                                                                        • Part of subcall function 00007FFDA5466710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFDA546239E), ref: 00007FFDA546671E
                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA546EA1A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: C_specific_handlerCurrentImageNonwritableUnwindabortterminate
                                                                      • String ID: csm$f
                                                                      • API String ID: 2451123448-629598281
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                      • String ID:
                                                                      • API String ID: 2718003287-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 2943138195-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _get_daylight$_isindst
                                                                      • String ID:
                                                                      • API String ID: 4170891091-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Name::operator+$NameName::
                                                                      • String ID:
                                                                      • API String ID: 168861036-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                      • String ID:
                                                                      • API String ID: 2780335769-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DeallocFreeMem_Thread_free_lock
                                                                      • String ID:
                                                                      • API String ID: 2783890233-0
                                                                      APIs
                                                                      • PyType_GetModuleState.PYTHON310(?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA371814D
                                                                        • Part of subcall function 00007FFDA3721EAC: PyBytes_FromStringAndSize.PYTHON310(?,?,?,00007FFDA3718167,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3721EE3
                                                                        • Part of subcall function 00007FFDA3721EAC: PyList_New.PYTHON310(?,?,?,00007FFDA3718167,?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3721EF6
                                                                      • PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA3718174
                                                                      • PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA371818D
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFDA3717DB8), ref: 00007FFDA371824F
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                                                      • String ID:
                                                                      • API String ID: 2935988267-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 2943138195-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DeallocFreeMem_Thread_free_lock
                                                                      • String ID:
                                                                      • API String ID: 2783890233-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                      • String ID: ?
                                                                      • API String ID: 1286766494-1684325040
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: abort$CreateFrameInfo
                                                                      • String ID: csm
                                                                      • API String ID: 2697087660-1018135373
                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A0FF8002
                                                                        • Part of subcall function 00007FF7A0FF9F78: RtlFreeHeap.NTDLL(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F8E
                                                                        • Part of subcall function 00007FF7A0FF9F78: GetLastError.KERNEL32(?,?,?,00007FF7A1001EC2,?,?,?,00007FF7A1001EFF,?,?,00000000,00007FF7A10023C5,?,?,00000000,00007FF7A10022F7), ref: 00007FF7A0FF9F98
                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7A0FEA485), ref: 00007FF7A0FF8020
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                      • String ID: C:\Users\user\Desktop\PumpBot.exe
                                                                      • API String ID: 3580290477-104690940
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID: U
                                                                      • API String ID: 442123175-4171548499
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: void$void
                                                                      • API String ID: 2943138195-3746155364
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CurrentDirectory
                                                                      • String ID: :
                                                                      • API String ID: 1611563598-336475711
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FileHeader$ExceptionRaise
                                                                      • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                      • API String ID: 3685223789-3176238549
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFileHeaderRaise
                                                                      • String ID: csm
                                                                      • API String ID: 2573137834-1018135373
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ExceptionFileHeaderRaise
                                                                      • String ID: csm
                                                                      • API String ID: 2573137834-1018135373
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145298642.00007FF7A0FE1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A0FE0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                      • String ID: :
                                                                      • API String ID: 2595371189-336475711
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146071615.00007FFDA4331000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFDA4330000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Arg_$KeywordsPositional
                                                                      • String ID: BZ2Decompressor
                                                                      • API String ID: 1300771297-1337346095
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2145959128.00007FFDA3711000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDA3710000, based on PE: true
                                                                      Similarity
                                                                      • API ID: memmove
                                                                      • String ID:
                                                                      • API String ID: 2162964266-0
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,00007FFDA54665B9,?,?,?,?,00007FFDA546FB22,?,?,?,?,?), ref: 00007FFDA546674B
                                                                      • SetLastError.KERNEL32(?,?,?,00007FFDA54665B9,?,?,?,?,00007FFDA546FB22,?,?,?,?,?), ref: 00007FFDA54667D4
                                                                      Memory Dump Source
                                                                      • Source File: 00000003.00000002.2146161555.00007FFDA5461000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDA5460000, based on PE: true
                                                                      • Associated: 00000003.00000002.2146146385.00007FFDA5460000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146180642.00007FFDA5471000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146196740.00007FFDA5476000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000003.00000002.2146212191.00007FFDA5477000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_3_2_7ffda5460000_PumpBot.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 1452528299-0
                                                                      • Opcode ID: c7aaac8a80d8b30c274ca3e3b7c59e83a4e0092024cc1b5b0b7c72c8c7be0031
                                                                      • Instruction ID: 8fb68dc3781cc8f52ae7aba177be76475d790b2ba295a185dd215e1b877036ec
                                                                      • Opcode Fuzzy Hash: c7aaac8a80d8b30c274ca3e3b7c59e83a4e0092024cc1b5b0b7c72c8c7be0031
                                                                      • Instruction Fuzzy Hash: 44114224F0F65B82FA549B21A8243342691BF4AFE1F144A35D96E07BD7DFACF8418709