Windows Analysis Report
X4KSeQkYJT.exe

Overview

General Information

Sample name: X4KSeQkYJT.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: CBCE5EE823038720ED796118CC5A10FB04979B31F107C6161D8CC0E6B1D23923
Analysis ID: 1546645
MD5: e7860ba329460f1e4bf4044ca8beff56
SHA1: a5ce48ec7e14555a87d752ec45e84947dfa61f60
SHA256: cbce5ee823038720ed796118cc5a10fb04979b31f107c6161d8cc0e6b1d23923

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found pyInstaller with non standard icon
Machine Learning detection for sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic

Classification

  • System is w10x64
  • X4KSeQkYJT.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\X4KSeQkYJT.exe" MD5: E7860BA329460F1E4BF4044CA8BEFF56)
    • conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • X4KSeQkYJT.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\X4KSeQkYJT.exe" MD5: E7860BA329460F1E4BF4044CA8BEFF56)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-01T11:19:14.943221+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.4 | 49743 | TCP |
| 2024-11-01T11:19:10.887297+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 20.189.173.22 | 443 | TCP |
| 2024-11-01T11:19:13.790193+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 20.189.173.22 | 443 | TCP |

AV Detection

Source: X4KSeQkYJT.exe Joe Sandbox ML: detected
Source: X4KSeQkYJT.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1m 14 Dec 2021built on: Sun Dec 19 14:27:21 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_ssl.pdb source: _ssl.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\unicodedata.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B081000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.2.dr
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1909065544.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.2.dr
Source: Binary string: C:\A\39\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_socket.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_ctypes.pdb source: X4KSeQkYJT.exe, 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_multiprocessing.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.2.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdbMM source: X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_asyncio.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.2.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb?? source: libssl-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_queue.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _queue.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_overlapped.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb source: _decimal.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_hashlib.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\python310.pdb source: X4KSeQkYJT.exe, 00000004.00000002.1929421985.00007FFDFB78E000.00000002.00000001.01000000.00000004.sdmp, python310.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\select.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp, select.pyd.2.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb source: libssl-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_bz2.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.2.dr
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 2_2_00007FF7A6A31D8C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7A6A31D8C
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 2_2_00007FF7A6A3C064 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,2_2_00007FF7A6A3C064
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 4_2_00007FF7A6A3C064 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,4_2_00007FF7A6A3C064
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 4_2_00007FF7A6A31D8C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,4_2_00007FF7A6A31D8C
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 20.189.173.22:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 20.189.173.22:443
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49743
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 4_2_00007FFE13335A58 memset,recvfrom,4_2_00007FFE13335A58
00000002.00000003.1914325656.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: X4KSeQkYJT.exe, 00000004.00000003.1919582785.000001FB0FD5C000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1925429247.000001FB0FD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B081000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913723365.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910849592.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910549788.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911941665.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1914325656.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.2.dr, _queue.pyd.2.dr, _lzma.pyd.2.dr, _hashlib.pyd.2.dr, pyexpat.pyd.2.drString found in binary or memory: http://ocsp.digicert.com0
Source: X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B081000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913723365.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910849592.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910549788.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911941665.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1914325656.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.2.dr, _queue.pyd.2.dr, _lzma.pyd.2.dr, _hashlib.pyd.2.dr, pyexpat.pyd.2.drString found in binary or memory: http://ocsp.digicert.com0A
Source: X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B085000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913723365.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910849592.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910549788.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913338352.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911941665.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 
00000002.00000003.1913475260.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B085000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913338352.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913475260.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, libcrypto-1_1.dll.2.dr, libffi-7.dll.2.dr, libssl-1_1.dll.2.drString found in binary or memory: http://ocsp.digicert.com0N
Source: X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B085000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913723365.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910849592.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910549788.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911941665.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913475260.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 
00000002.00000003.1914325656.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.2.drString found in binary or memory: http://ocsp.digicert.com0O
Source: X4KSeQkYJT.exe, 00000002.00000003.1913338352.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.2.drString found in binary or memory: http://ocsp.thawte.com0
Source: X4KSeQkYJT.exe, 00000002.00000003.1913338352.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.2.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: X4KSeQkYJT.exe, 00000002.00000003.1913338352.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.2.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: X4KSeQkYJT.exe, 00000002.00000003.1913338352.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, libffi-7.dll.2.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B085000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B081000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913723365.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910849592.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910549788.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911941665.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913475260.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 
00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1914325656.000001931B07A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: X4KSeQkYJT.exe, 00000004.00000003.1917762291.000001FB0DA2F000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1923905663.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917875532.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1920093747.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917762291.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917509855.000001FB0DA32000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1921151473.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917614657.000001FB0DA2F000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917492076.000001FB0DA38000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1918762896.000001FB0DA0C000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917368106.000001FB0D9CE000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917368106.000001FB0DA32000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917614657.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: X4KSeQkYJT.exe, 00000004.00000003.1917509855.000001FB0DA32000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1924050899.000001FB0DAE8000.00000004.00001000.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917368106.000001FB0DA32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: X4KSeQkYJT.exe, 00000004.00000002.1923905663.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/imp
Source: X4KSeQkYJT.exe, 00000004.00000003.1919081378.000001FB0DA34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: X4KSeQkYJT.exe, 00000004.00000003.1917762291.000001FB0DA2F000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1918963161.000001FB0DA2A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1923905663.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917875532.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1920093747.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917762291.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917509855.000001FB0DA32000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1921151473.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917614657.000001FB0DA2F000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917492076.000001FB0DA38000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1918762896.000001FB0DA0C000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917368106.000001FB0D9CE000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917368106.000001FB0DA32000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917614657.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1919081378.000001FB0DA34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: X4KSeQkYJT.exe, 00000004.00000003.1917762291.000001FB0DA2F000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917614657.000001FB0DA2F000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1918762896.000001FB0DA0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/cor
Source: X4KSeQkYJT.exe, 00000004.00000002.1923905663.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917875532.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1920093747.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917762291.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917509855.000001FB0DA32000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1921151473.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917492076.000001FB0DA38000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917368106.000001FB0D9CE000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917368106.000001FB0DA32000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000003.1917614657.000001FB0DA08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: X4KSeQkYJT.exe, 00000004.00000002.1929421985.00007FFDFB78E000.00000002.00000001.01000000.00000004.sdmp, python310.dll.2.drString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B085000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913723365.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910849592.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910549788.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1912326203.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1913338352.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911941665.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B087000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 
00000002.00000003.1913475260.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: X4KSeQkYJT.exe, 00000002.00000003.1913475260.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, libcrypto-1_1.dll.2.dr, libssl-1_1.dll.2.drString found in binary or memory: https://www.openssl.org/H
Source: X4KSeQkYJT.exe, 00000002.00000003.1915926915.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1925073716.000001FB0FC14000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.2.drString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: X4KSeQkYJT.exe, 00000004.00000002.1924050899.000001FB0DA60000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.2.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: String function: 00007FF7A6A21CA0 appears 38 times
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: String function: 00007FF7A6A21C40 appears 86 times
Source: unicodedata.pyd.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B081000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1913723365.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1910849592.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1910549788.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1911941665.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1909065544.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1913475260.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe Binary or memory string: OriginalFilename vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000004.00000002.1930980448.00007FFDFB8A7000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000004.00000002.1931176809.00007FFE1A456000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs X4KSeQkYJT.exe
Source: X4KSeQkYJT.exe, 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs X4KSeQkYJT.exe
Source: classification engineClassification label: mal48.winEXE@4/21@0/0
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A26240 GetLastError,FormatMessageW,WideCharToMultiByte,2_2_00007FF7A6A26240
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:120:WilError_03
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522Jump to behavior
Source: X4KSeQkYJT.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile read: C:\Users\user\Desktop\X4KSeQkYJT.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\X4KSeQkYJT.exe "C:\Users\user\Desktop\X4KSeQkYJT.exe"
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeProcess created: C:\Users\user\Desktop\X4KSeQkYJT.exe "C:\Users\user\Desktop\X4KSeQkYJT.exe"
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeProcess created: C:\Users\user\Desktop\X4KSeQkYJT.exe "C:\Users\user\Desktop\X4KSeQkYJT.exe"Jump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: libffi-7.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: X4KSeQkYJT.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: X4KSeQkYJT.exeStatic file information: File size 6950934 > 1048576
Source: X4KSeQkYJT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: X4KSeQkYJT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: X4KSeQkYJT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: X4KSeQkYJT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: X4KSeQkYJT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: X4KSeQkYJT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: X4KSeQkYJT.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1m 14 Dec 2021built on: Sun Dec 19 14:27:21 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: libcrypto-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_ssl.pdb source: _ssl.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\unicodedata.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1915539131.000001931B081000.00000004.00000020.00020000.00000000.sdmp, unicodedata.pyd.2.dr
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1909065544.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.2.dr
Source: Binary string: C:\A\39\b\libcrypto-1_1.pdb source: libcrypto-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_socket.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911801272.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_ctypes.pdb source: X4KSeQkYJT.exe, 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_multiprocessing.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911346411.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.2.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: libcrypto-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_lzma.pdbMM source: X4KSeQkYJT.exe, 00000002.00000003.1911217250.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _lzma.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_asyncio.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1909979261.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.2.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb?? source: libssl-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_queue.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911659026.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _queue.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_overlapped.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911542908.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_decimal.pdb source: _decimal.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_hashlib.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1911050075.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\python310.pdb source: X4KSeQkYJT.exe, 00000004.00000002.1929421985.00007FFDFB78E000.00000002.00000001.01000000.00000004.sdmp, python310.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\select.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1915346915.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, X4KSeQkYJT.exe, 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp, select.pyd.2.dr
Source: Binary string: C:\A\39\b\libssl-1_1.pdb source: libssl-1_1.dll.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\pyexpat.pdb source: pyexpat.pyd.2.dr
Source: Binary string: C:\A\35\b\bin\amd64\_bz2.pdb source: X4KSeQkYJT.exe, 00000002.00000003.1910116733.000001931B07A000.00000004.00000020.00020000.00000000.sdmp, _bz2.pyd.2.dr
Source: X4KSeQkYJT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: X4KSeQkYJT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: X4KSeQkYJT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: X4KSeQkYJT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: X4KSeQkYJT.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: X4KSeQkYJT.exeStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.2.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.2.drStatic PE information: section name: .00cfg
Source: python310.dll.2.drStatic PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.2.drStatic PE information: section name: _RDATA

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\X4KSeQkYJT.exeProcess created: "C:\Users\user\Desktop\X4KSeQkYJT.exe"
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\select.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73522\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A24430 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00007FF7A6A24430
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\select.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73522\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-16284
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeAPI coverage: 1.6 %
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A31D8C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF7A6A31D8C
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A3C064 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,2_2_00007FF7A6A3C064
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FF7A6A3C064 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,4_2_00007FF7A6A3C064
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FF7A6A31D8C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,4_2_00007FF7A6A31D8C
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE1A46F634 GetSystemInfo,VirtualAlloc,4_2_00007FFE1A46F634
Source: X4KSeQkYJT.exe, 00000004.00000002.1925365087.000001FB0FD2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A2A348 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7A6A2A348
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A3DB40 GetProcessHeap,2_2_00007FF7A6A3DB40
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A3572C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF7A6A3572C
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A2A4F0 SetUnhandledExceptionFilter,2_2_00007FF7A6A2A4F0
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A29D44 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF7A6A29D44
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FF7A6A2A348 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF7A6A2A348
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FF7A6A3572C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FF7A6A3572C
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FF7A6A2A4F0 SetUnhandledExceptionFilter,4_2_00007FF7A6A2A4F0
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FF7A6A29D44 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FF7A6A29D44
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE13332C20 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFE13332C20
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE13332660 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFE13332660
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE1A451520 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFE1A451520
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE1A451AF0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFE1A451AF0
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE1A466104 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFE1A466104
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE1A465B60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFE1A465B60
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE1A4F5054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00007FFE1A4F5054
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE1A4F4A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFE1A4F4A34
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 4_2_00007FFE1A51004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00007FFE1A51004C
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeProcess created: C:\Users\user\Desktop\X4KSeQkYJT.exe "C:\Users\user\Desktop\X4KSeQkYJT.exe"Jump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeCode function: 2_2_00007FF7A6A43A50 cpuid 2_2_00007FF7A6A43A50
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\Desktop\X4KSeQkYJT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\Desktop\X4KSeQkYJT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\Desktop\X4KSeQkYJT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\Desktop\X4KSeQkYJT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\Desktop\X4KSeQkYJT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exeQueries volume information: C:\Users\user\Desktop\X4KSeQkYJT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522 VolumeInformation
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73522\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 2_2_00007FF7A6A2A230 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00007FF7A6A2A230
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 2_2_00007FF7A6A40000 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,2_2_00007FF7A6A40000
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 4_2_00007FFE13335544 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,listen,PyEval_RestoreThread,_Py_NoneStruct,4_2_00007FFE13335544
Source: C:\Users\user\Desktop\X4KSeQkYJT.exe Code function: 4_2_00007FFE133345C0 PySys_Audit,PyEval_SaveThread,bind,PyEval_RestoreThread,_Py_NoneStruct,4_2_00007FFE133345C0
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: 1 Native API; Scheduled Task/Job; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
Defense Evasion: 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; 1 Obfuscated Files or Information
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 2 System Time Discovery; 21 Security Software Discovery; 1 File and Directory Discovery; 24 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph] ID: 1546645, Sample: X4KSeQkYJT, Startdate: 01/11/2024, Architecture: WINDOWS, Score: 48. Signatures: Machine Learning detection for sample; Found pyInstaller with non standard icon. Processes started: X4KSeQkYJT.exe, X4KSeQkYJT.exe, conhost.exe. Files dropped: C:\Users\user\AppData\...\unicodedata.pyd (PE32+), C:\Users\user\AppData\Local\...\select.pyd (PE32+), C:\Users\user\AppData\Local\...\python310.dll (PE32+), 16 other files (none is malicious).

Source | Detection | Scanner | Label | Link
X4KSeQkYJT.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\_MEI73522\VCRUNTIME140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_asyncio.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_bz2.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_ctypes.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_decimal.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_hashlib.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_lzma.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_multiprocessing.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_overlapped.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_queue.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_socket.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\_ssl.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\libcrypto-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\libffi-7.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\libssl-1_1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\pyexpat.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\python310.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\select.pyd | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\_MEI73522\unicodedata.pyd | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://crl.thawte.com/ThawteTimestampingCA.crl0 | 0% | URL Reputation | safe |
http://ocsp.thawte.com0 | 0% | URL Reputation | safe |
https://www.openssl.org/H | 0% | URL Reputation | safe |
No contacted domains info
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1546645
Start date and time: 2024-11-01 11:18:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 16s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: X4KSeQkYJT.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name: CBCE5EE823038720ED796118CC5A10FB04979B31F107C6161D8CC0E6B1D23923
Detection: MAL
Classification: mal48.winEXE@4/21@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • VT rate limit hit for: X4KSeQkYJT.exe
No simulations
No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI73522\_asyncio.pyd | auto.exe | malicious | Unknown
 | auto.exe | malicious | Discord Token Stealer
 | log.exe | malicious | Unknown
 | rcm.exe | malicious | Unknown
 | qv81R5O5Cd.exe | malicious | BazaLoader, Njrat
 | laZagne.exe | malicious | LaZagne, Mimikatz
 | Update.exe | malicious | Unknown
 | Token Grab Link.exe | malicious | Unknown
 | football.exe | malicious | Unknown
 | BlueScreen.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI73522\VCRUNTIME140.dll | https://on-combine-data.s3.us-west-2.amazonaws.com/dealer-data/Share+Point/NTAS_MS3000X_Installer_v2.8.25_October2024_NO_UPS.exe | malicious | Unknown
 | main.exe | malicious | Unknown
 | SecuriteInfo.com.FileRepMalware.22561.28030.exe | malicious | Python Stealer, Exela Stealer
 | file.exe | malicious | Unknown
 | SolaraV4.exe | malicious | Blank Grabber
 | SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe | malicious | Unknown
 | SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe | malicious | Unknown
 | SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe | malicious | Unknown
 | SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe | malicious | Unknown
 | LisectAVT_2403002A_216.exe | malicious | Unknown
Process: C:\Users\user\Desktop\X4KSeQkYJT.exe
File Type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Category: dropped
Size (bytes): 97168
Entropy (8bit): 6.424686954579329
Encrypted: false
SSDEEP: 1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
MD5: A87575E7CF8967E481241F13940EE4F7
SHA1: 879098B8A353A39E16C79E6479195D43CE98629E
SHA-256: DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
SHA-512: E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
Malicious: false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
  • Filename: , Detection: malicious
  • Filename: main.exe, Detection: malicious
  • Filename: SecuriteInfo.com.FileRepMalware.22561.28030.exe, Detection: malicious
  • Filename: file.exe, Detection: malicious
  • Filename: SolaraV4.exe, Detection: malicious
  • Filename: SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe, Detection: malicious
  • Filename: SecuriteInfo.com.not-a-virus.HEUR.RemoteAdmin.Win64.Remsim.gen.13211.29605.exe, Detection: malicious
  • Filename: SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe, Detection: malicious
  • Filename: SecuriteInfo.com.BScope.Trojan.Wacatac.4653.13746.exe, Detection: malicious
  • Filename: LisectAVT_2403002A_216.exe, Detection: malicious
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\X4KSeQkYJT.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 61328
Entropy (8bit): 6.02172413019717
Encrypted: false
SSDEEP: 768:ASRkG5NWdXNC3D2zzgoAeHEQjGWqJ8O/kjOOoljTGr1IG5nepYiSyvayhI:AbG5N0XGPPvQrzifl+r1IG5nep7SyyV
MD5: 1AF12919778B622468F00DB5D8FDAED6
SHA1: 0113426B751855E7E68C18186EE0EF3363F6BCD3
SHA-256: A7AEEE08236AAD92515D40C2BE7AA533FE434FB6B0653CAF31F774B6985B1D6C
SHA-512: AB9F5303DE0E1E65A03C305F4DED674CBE6AC94DCCA784DFD4689D09D97BC5BD8F1DFF0FA0E782511350D63296987C77146457129F1356818B2A9D9B3CDDB147
Malicious: false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
  • Filename: auto.exe, Detection: malicious
  • Filename: auto.exe, Detection: malicious
  • Filename: log.exe, Detection: malicious
  • Filename: rcm.exe, Detection: malicious
  • Filename: qv81R5O5Cd.exe, Detection: malicious
  • Filename: laZagne.exe, Detection: malicious
  • Filename: Update.exe, Detection: malicious
  • Filename: Token Grab Link.exe, Detection: malicious
  • Filename: football.exe, Detection: malicious
  • Filename: BlueScreen.exe, Detection: malicious
Reputation: moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):80784
                                                                    Entropy (8bit):6.45456109441925
                                                                    Encrypted:false
                                                                    SSDEEP:1536:hwz7h8B7BjhJCZePYgl/5S8Gh2Nv0DFIGtVQ7Sygj:hwz18BrJCJglhlGINv0RIGtVQej
                                                                    MD5:BCF0D58A4C415072DAE95DB0C5CC7DB3
                                                                    SHA1:8CE298B7729C3771391A0DECD82AB4AE8028C057
                                                                    SHA-256:D7FAF016EF85FDBB6636F74FC17AFC245530B1676EC56FC2CC756FE41CD7BF5A
                                                                    SHA-512:C54D76E50F49249C4E80FC6CE03A5FDEC0A79D2FF0880C2FC57D43227A1388869E8F7C3F133EF8760441964DA0BF3FC23EF8D3C3E72CE1659D40E8912CB3E9BC
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):119696
                                                                    Entropy (8bit):5.97015025328591
                                                                    Encrypted:false
                                                                    SSDEEP:3072:RW66GKh4hqyIVQoavMSuthSfrS04ep9x31IGQPm5S:Y6QKtkSu3SfrSGFBS
                                                                    MD5:41A9708AF86AE3EBC358E182F67B0FB2
                                                                    SHA1:ACCAB901E2746F7DA03FAB8301F81A737B6CC180
                                                                    SHA-256:0BD4ED11F2FB097F235B62EB26A00C0CB16815BBF90AB29F191AF823A9FED8CF
                                                                    SHA-512:835F9AA33FDFBB096C31F8AC9A50DB9FAC35918FC78BCE03DAE55EA917F738A41F01AEE4234A5A91FFA5BDBBD8E529399205592EB0CAE3224552C35C098B7843
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Reputation:moderate, very likely benign file
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):250768
                                                                    Entropy (8bit):6.527857952800466
                                                                    Encrypted:false
                                                                    SSDEEP:6144:MJFPEV3nLF0eMMCtGzohEgCmUQjYK9qWMa3pLW1AtSrYB4BRWr8k:cPgXLF035tVZCRBQC06nWr8k
                                                                    MD5:D976C5F77A6370CF6F28A5714BF49AE3
                                                                    SHA1:79273EB123A68BA5CB91FF37EE0A82CEE880C2CC
                                                                    SHA-256:FE2BCCB2E204A736ED86A8D16EFFEAFE83B30B44F809349E172142665DE8458A
                                                                    SHA-512:57DF90F9FAF31F81F245A39A14C0784A3FACE4F76F00430DE8CFF2E86B55FA3269CD595119FD093E03709DEBF0888618917CAE5EA5E68F43A8E928861CAA01C5
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):60304
                                                                    Entropy (8bit):6.093275200649072
                                                                    Encrypted:false
                                                                    SSDEEP:768:JV/wp93dN0yIITgu/w521DxBjWO/Z1bbr1IG5ItYiSyvJhKy:GNdeyIaVww1TjWMr1IG5It7Syf
                                                                    MD5:F63DA7F9A4E64148255E9D3885E7A008
                                                                    SHA1:756DC192E7B2932DF147C48F05EC5E38E9AA06E6
                                                                    SHA-256:FA0BB4BF93A6739CE5ADE6A7A69272BBC1227D09C7AFC1C027D6CEA41141BCC6
                                                                    SHA-512:23D06DEF20C3668613392A02832777B27AD5353E1DC246316043B606890445D195A1066FCA65300A5D429319AA2AE2505F9FA3A5AB0F97ABA2717B64AAA07E8D
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):154000
                                                                    Entropy (8bit):6.8078458773005055
                                                                    Encrypted:false
                                                                    SSDEEP:3072:GD6xBrqs+vs0H0q8bnpbVZbXsAIPznfo9mNoK5vSpxpRIGe1y2:GD63rcRLCV+7wYOK50P2
                                                                    MD5:BA3797D77B4B1F3B089A73C39277B343
                                                                    SHA1:364A052731CFE40994C6FEF4C51519F7546CD0B1
                                                                    SHA-256:F904B02720B6498634FC045E3CC2A21C04505C6BE81626FE99BDB7C12CC26DC6
                                                                    SHA-512:5688AE25405AE8C5491898C678402C7A62EC966A8EC77891D9FD397805A5CFCF02D7AE8E2AA27377D65E6CE05B34A7FFDEDF3942A091741AF0D5BCE41628BF7D
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):30608
                                                                    Entropy (8bit):6.135161247478225
                                                                    Encrypted:false
                                                                    SSDEEP:768:RgZtYyJmJxGYaAo5dU71IGRtS7YiSyvnh/:KLYzJsYXo5dU71IGRtS77SyJ
                                                                    MD5:0782334CC86B71E3F904EEAA1EF1489E
                                                                    SHA1:A3DA99365DBC73A062395DB086C6E7B6252AEB19
                                                                    SHA-256:D2B4CC8F4C5A1F366BD6A1F8E2AA6CFF2853AE07C29D9FB9D0C0DF5DFF8EBC81
                                                                    SHA-512:90E6C03B0A02385AF891431DDA91B4EF9EFF1B0EF469A0D3CE246C54B711FABB0B06947FDF0409C708FD18A1B0DF1EF56AB9953839DD63114CB422A74A15F9FB
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):45968
                                                                    Entropy (8bit):6.177004805480751
                                                                    Encrypted:false
                                                                    SSDEEP:768:xAM30iXUtee0Vb47XTT5l8XFOPRcqdc5U3dIGstlYiSyv7vh0S:xAM3hRKcqd13dIGstl7SyD+S
                                                                    MD5:DF1D3CE615F29061CDE0F619951F4E93
                                                                    SHA1:528F48DDA6674E23C5881593BAC724A55A73E415
                                                                    SHA-256:4BB4AD9BCD89138669909EFAAF6F344AD95F31015329351C94A8D4FDBA71314C
                                                                    SHA-512:55BDB7AE01E6D5A4FCBA28A87C4A6ED49AA008CCB282F213EF83A1F3DF8BF71B18708362A8AFC7BC86401BA0F8EFF7C6511A8A50665D5E5A59FB1AEB07E2EAC2
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):27536
                                                                    Entropy (8bit):6.261734078833693
                                                                    Encrypted:false
                                                                    SSDEEP:384:smfqkQfdUCUFYS9F6XP6rEhSSVYptTDbPdIG7UcIYiSy1pCQ7Rhp7:spdUC+y6rEhSSVYTPdIG7UNYiSyvdhp7
                                                                    MD5:E6BB918CC02CD270BAD449875577427C
                                                                    SHA1:5B22420AE4170858A6A2AA04A54ADC26B9A8051C
                                                                    SHA-256:2D8B41DAD8A8506870E6F2E2A5856C6C6C68A219F18BD88AD79C63CFA1366B1F
                                                                    SHA-512:B19353E0DF213525C466D5CB80F362AB1A22EAF9940F742B59DF1C2842E49594DB87A5119289DCA616FDFA3E808C7CEB26906E0FF8723AFC80AF768496FACA9C
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):75152
                                                                    Entropy (8bit):6.147254943521508
                                                                    Encrypted:false
                                                                    SSDEEP:1536:z1XB7kEDATyhAZ9/s+S+pxyXc/+lf7PdIGQwP7Syr:ZXB4EDXhAZ9/sT+px8c/Sz1IGQwP9
                                                                    MD5:79C2FF05157EF4BA0A940D1C427C404E
                                                                    SHA1:17DA75D598DEAA480CDD43E282398E860763297B
                                                                    SHA-256:F3E0E2F3E70AB142E7CE1A4D551C5623A3317FB398D359E3BD8E26D21847F707
                                                                    SHA-512:F91FC9C65818E74DDC08BBE1CCEA49F5F60D6979BC27E1CDB2EF40C2C8A957BD3BE7AEA5036394ABAB52D51895290D245FD5C9F84CC3CC554597AE6F85C149E1
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):156560
                                                                    Entropy (8bit):5.942876418107184
                                                                    Encrypted:false
                                                                    SSDEEP:3072:RYNRsSzeOfeC1uHv8MmouyETvb8VqH70NmHh4kwooSLteSdo9dRIGt7+ig:RYjPzeOfeYMvZuyvV0Dtho9dVg
                                                                    MD5:1ED0EF72A40268E300A611BA4AB20DFD
                                                                    SHA1:4D04D5911A6ED422308EA11D7B15821AF8F62585
                                                                    SHA-256:5860FE208122219A4071CC369D5001EDC3B08C13BD96156ABD1375E35401ACD0
                                                                    SHA-512:F72EA051ED50A09561414FC41D837C03CE44BE9D8E4C39F59133DD8A092C9F13FC942C58DC8517EDC149CAA3BF7D94FA6BDBE88CABC8CB3C6A02428676572F3E
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                    Category:dropped
                                                                    Size (bytes):831571
                                                                    Entropy (8bit):5.700753783228928
                                                                    Encrypted:false
                                                                    SSDEEP:12288:mVghg9FMWyrVqF3IUtA4a2Y4dgVwOlfJEW4XSgMNP:mVghVVrCLa2oVwOlfJEW4fMNP
                                                                    MD5:AB6D3149A35E6BADDF630CDCEFE0DAB5
                                                                    SHA1:44CDB197E8E549A503F6CFCB867A83BF2214D01C
                                                                    SHA-256:1D91FA604893531393F83E03E68EB97D2C14C2D957ED33877D2B27B7C30CE059
                                                                    SHA-512:28A882E86D92D42FF983B68445CC90431C2B65B7EC3ABBFFB5585A9750D67B8B52A1361E20D4D80CA4A30B927FE543A2E9C9A65C1846E42A112B511DDC59545A
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):3438840
                                                                    Entropy (8bit):6.094542623790425
                                                                    Encrypted:false
                                                                    SSDEEP:49152:DTKuk2HvIU6iwpOjPWBdwQN+5X2uyWsrV4+OGyu1BYGx6KCIrA9NPe0Cs5Z1CPwE:Pg+Hb5Wt+2BoBIcU0CsD1CPwDv3uFfJZ
                                                                    MD5:63C756D74C729D6D24DA2B8EF596A391
                                                                    SHA1:7610BB1CBF7A7FDB2246BE55D8601AF5F1E28A00
                                                                    SHA-256:17D0F4C13C213D261427EE186545B13EF0C67A99FE7AD12CD4D7C9EC83034AC8
                                                                    SHA-512:D9CF045BB1B6379DD44F49405CB34ACF8570AED88B684D0AB83AF571D43A0D8DF46D43460D3229098BD767DD6E0EF1D8D48BC90B9040A43B5469CEF7177416A2
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):32792
                                                                    Entropy (8bit):6.3566777719925565
                                                                    Encrypted:false
                                                                    SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                    MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                    SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                    SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                    SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):698104
                                                                    Entropy (8bit):5.531132600342763
                                                                    Encrypted:false
                                                                    SSDEEP:12288:tgH+zxL52Y1Ag5EbSJyin89m8GXfbmednWAeO6GKaf525eWP8U2lvzI:DD1Ag5h/L5mO6GVf52se8U2lvzI
                                                                    MD5:86556DA811797C5E168135360ACAC6F2
                                                                    SHA1:42D868FC25C490DB60030EF77FBA768374E7FE03
                                                                    SHA-256:A594FC6FA4851B3095279F6DC668272EE975E7E03B850DA4945F49578ABE48CB
                                                                    SHA-512:4BA4D6BFFF563A3F9C139393DA05321DB160F5AE8340E17B82F46BCAF30CBCC828B2FC4A4F86080E4826F0048355118EF21A533DEF5E4C9D2496B98951344690
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):192400
                                                                    Entropy (8bit):6.331661708582381
                                                                    Encrypted:false
                                                                    SSDEEP:3072:7UV1H8t//ZpdhxqMO2lr9JuB9OSH4ZCXRfWiTayyTvfvaycv0XOgeEnnRPcsR+2U:yVG/Ddh5r9JuB0SDfV9yTvfvx+Zj
                                                                    MD5:F3630FA0CA9CB85BFC865D00EF71F0AA
                                                                    SHA1:F176FDB823417ABEB54DAED210CF0BA3B6E02769
                                                                    SHA-256:AC1DFB6CDEEADBC386DBD1AFDDA4D25BA5B9B43A47C97302830D95E2A7F2D056
                                                                    SHA-512:B8472A69000108D462940F4D2B5A611E00D630DF1F8D6041BE4F7B05A9FD9F8E8AA5DE5FE880323569AC1B6857A09B7B9D27B3268D2A83A81007D94A8B8DA0FF
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):4453776
                                                                    Entropy (8bit):6.4554098557218
                                                                    Encrypted:false
                                                                    SSDEEP:49152:wplyWz2QcN6iPdzYjz0AMs9Kt2KnX0OCpFLoFnAcECdNCsugztL0DD9fIysVHkDx:sximj29G5H+ywH+MWqlgdMW
                                                                    MD5:C6C37B848273E2509A7B25ABE8BF2410
                                                                    SHA1:B27CFBD31336DA1E9B1F90E8F649A27154411D03
                                                                    SHA-256:B7A7F3707BEAB109B66DE3E340E3022DD83C3A18F444FEB9E982C29CF23C29B8
                                                                    SHA-512:222AD791304963A4B8C1C6055E02C0C4C47FCE2BB404BD4F89C022FF9706E29CA6FA36C72350FBF296C8A0E3E48E3756F969C003DD1EB056CD026EFE0B7EBA40
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):26000
                                                                    Entropy (8bit):6.339693503329678
                                                                    Encrypted:false
                                                                    SSDEEP:384:NUTqPjk/7e12hwheCPHqqYBsVRXPdIG7GxIYiSy1pCQFC67hEQ:iTgUC2hwh7HqbYVPdIG7GmYiSyvD7hF
                                                                    MD5:431464C4813ED60FBF15A8BF77B0E0CE
                                                                    SHA1:9825F6A8898E38C7A7DDC6F0D4B017449FB54794
                                                                    SHA-256:1F56DF23A36132F1E5BE4484582C73081516BEE67C25EF79BEEE01180C04C7F0
                                                                    SHA-512:53175384699A7BB3B93467065992753B73D8F3A09E95E301A1A0386C6A1224FA9ED8FA42C99C1FFBCFA6377B6129E3DB96E23750E7F23B4130AF77D14AC504A0
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1118608
                                                                    Entropy (8bit):5.375765997910847
                                                                    Encrypted:false
                                                                    SSDEEP:12288:ArlBMmuZ63NNQCb5Pfhnzr0ql8L8kdM7IRG5eeme6VZyrIBHdQLhfFE+uOVg:mlBuqZV0m81MMREtV6Vo4uYOVg
                                                                    MD5:D1182BA27939104010B6313C466D49FF
                                                                    SHA1:7870134F41BA5333294C927DBD77D3F740AC87E7
                                                                    SHA-256:1AC171F51CC87F268617B4A635B2331D5991D987D32BB206DD4E38033449C052
                                                                    SHA-512:EF26A2C8B0094792E10CEABBF4D11724A9368D96F888240581A15D7A551754C1484F6B2ED1B963A73B686495C7952D9CB940021028D4F230B0B47D0794607D0F
                                                                    Malicious:false
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    File Type:JSON data
                                                                    Category:dropped
                                                                    Size (bytes):76
                                                                    Entropy (8bit):4.48539457902855
                                                                    Encrypted:false
                                                                    SSDEEP:3:t3EMBFReNmI4Re1AuF5QEyn:tzMmI4Rt3
                                                                    MD5:358C75D13795E7625C272D8DA8CE0AC7
                                                                    SHA1:0B67BCC0B1EAF1C937EFCBCD94AC810E029614EE
                                                                    SHA-256:59EAFB63C0DC7FCFE72BDE217BEAFC14A995B98C3DC0F2D4B9C491C73BBC30FE
                                                                    SHA-512:1783B7EBCA08F50E720C424D90C2FAE48B4C15BA4E852596DD91D15B87D8764F38000A46CA23027CA1C1917F12668E4A5CA446578C66E8F1494E574390D2D69B
                                                                    Malicious:false
                                                                    Preview:[7440] Failed to execute script 'iDiag_Result' due to unhandled exception!..
                                                                    File type:PE32+ executable (console) x86-64, for MS Windows
                                                                    Entropy (8bit):7.990676310634488
                                                                    TrID:
                                                                    • Win64 Executable Console (202006/5) 77.37%
                                                                    • InstallShield setup (43055/19) 16.49%
                                                                    • Win64 Executable (generic) (12005/4) 4.60%
                                                                    • Generic Win/DOS Executable (2004/3) 0.77%
                                                                    • DOS Executable Generic (2002/1) 0.77%
                                                                    File name:X4KSeQkYJT.exe
                                                                    File size:6'950'934 bytes
                                                                    MD5:e7860ba329460f1e4bf4044ca8beff56
                                                                    SHA1:a5ce48ec7e14555a87d752ec45e84947dfa61f60
                                                                    SHA256:cbce5ee823038720ed796118cc5a10fb04979b31f107c6161d8cc0e6b1d23923
                                                                    SHA512:0c97d38295873d38ad590976ed7a9c13c2b1e1b0b0bec15063fc1fee3c48698234daebdf08510e6011ee0cb296eff532ecbf9a9ace23461cf190317b0d1c3e09
                                                                    SSDEEP:196608:X9iFpymvdsCncs4njQthsiHzy7k7EZRUoSzhYx/oQf:8BvaCncNnKhs57I2zz3
                                                                    TLSH:1B663341B2A008EAE07B82798417C635DB727876131A829F17F8D77B7F532E27D7A640
                                                                    Icon Hash:2e1e7c4c4c61e979
                                                                    Entrypoint:0x140009d30
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x140000000
                                                                    Subsystem:windows cui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x638659CE [Tue Nov 29 19:13:18 2022 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:5
                                                                    OS Version Minor:2
                                                                    File Version Major:5
                                                                    File Version Minor:2
                                                                    Subsystem Version Major:5
                                                                    Subsystem Version Minor:2
                                                                    Import Hash:d170e2e5adcfc4c271f2eb78a565305e
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x359f8 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4b000 | 0xf010 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x48000 | 0x1e48 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5b000 | 0x74c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x33820 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x33840 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x25000 | 0x320 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x235e0 | 0x23600 | d7fa6f1a0c2e39e5e7ead14e92ea99c9 | False | 0.5657851148409894 | zlib compressed data | 6.47352136327787 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x25000 | 0x114fc | 0x11600 | 34e645f32df8a2de420f7c05ca3219d6 | False | 0.49572841726618705 | data | 5.731978018431414 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x37000 | 0x10398 | 0xc00 | 1cc543037802ecab778979a9d38fefa4 | False | 0.13899739583333334 | data | 1.858092386347253 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x48000 | 0x1e48 | 0x2000 | ac00f06362e5910fa2833334b348e1bc | False | 0.467529296875 | data | 5.167813698185148 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x4a000 | 0xf4 | 0x200 | e2027b2205402187ea5ceb5c90bdf5f1 | False | 0.29296875 | data | 1.9794448201684922 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x4b000 | 0xf010 | 0xf200 | d9314e598f3ba65e83687a7f26097034 | False | 0.7952124225206612 | data | 7.356258776914317 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x5b000 | 0x74c | 0x800 | 6607b018e266376a81d45bed63616545 | False | 0.55419921875 | data | 5.231240074144435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                    RT_ICON | 0x4b208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.56636460554371
                                                                    RT_ICON | 0x4c0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7287906137184116
                                                                    RT_ICON | 0x4c958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.7471098265895953
                                                                    RT_ICON | 0x4cec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9971636186822983
                                                                    RT_ICON | 0x55f5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.38309128630705397
                                                                    RT_ICON | 0x58504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4826454033771107
                                                                    RT_ICON | 0x595ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.699468085106383
                                                                    RT_GROUP_ICON | 0x59a14 | 0x68 | data | | | 0.7019230769230769
                                                                    RT_MANIFEST | 0x59a7c | 0x591 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.44842105263157894
                                                                    DLL | Import
                                                                    KERNEL32.dll | GetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, GetStartupInfoW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, SetEndOfFile, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, CreateProcessW, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RaiseException, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW
                                                                    ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
                                                                    No network behavior found

                                                                    Target ID: 2
                                                                    Start time: 06:19:17
                                                                    Start date: 01/11/2024
                                                                    Path: C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    Wow64 process (32bit): false
                                                                    Commandline: "C:\Users\user\Desktop\X4KSeQkYJT.exe"
                                                                    Imagebase: 0x7ff7a6a20000
                                                                    File size: 6'950'934 bytes
                                                                    MD5 hash: E7860BA329460F1E4BF4044CA8BEFF56
                                                                    Has elevated privileges: true
                                                                    Has administrator privileges: true
                                                                    Programmed in: C, C++ or other language
                                                                    Reputation: low
                                                                    Has exited: true

                                                                    Target ID: 3
                                                                    Start time: 06:19:17
                                                                    Start date: 01/11/2024
                                                                    Path: C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit): false
                                                                    Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase: 0x7ff7699e0000
                                                                    File size: 862'208 bytes
                                                                    MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges: true
                                                                    Has administrator privileges: true
                                                                    Programmed in: C, C++ or other language
                                                                    Reputation: high
                                                                    Has exited: true

                                                                    Target ID: 4
                                                                    Start time: 06:19:18
                                                                    Start date: 01/11/2024
                                                                    Path: C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                    Wow64 process (32bit): false
                                                                    Commandline: "C:\Users\user\Desktop\X4KSeQkYJT.exe"
                                                                    Imagebase: 0x7ff7a6a20000
                                                                    File size: 6'950'934 bytes
                                                                    MD5 hash: E7860BA329460F1E4BF4044CA8BEFF56
                                                                    Has elevated privileges: true
                                                                    Has administrator privileges: true
                                                                    Programmed in: C, C++ or other language
                                                                    Reputation: low
                                                                    Has exited: true

                                                                      Execution Graph

                                                                      Execution Coverage: 12%
                                                                      Dynamic/Decrypted Code Coverage: 0%
                                                                      Signature Coverage: 13.7%
                                                                      Total number of Nodes: 2000
                                                                      Total number of Limit Nodes: 84
_fread_nolock 14 API calls 15255->15257 15256->15255 15257->15260 15258 7ff7a6a2fe06 GetLastError 15270 7ff7a6a359f0 15258->15270 15259 7ff7a6a2fe3f 15259->15260 15265 7ff7a6a3a0a8 _fread_nolock MultiByteToWideChar 15259->15265 15260->14809 15260->14810 15262 7ff7a6a2fe13 15266 7ff7a6a35a60 _get_daylight 13 API calls 15262->15266 15263->15258 15263->15259 15264 7ff7a6a2fe33 15263->15264 15267 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 15263->15267 15268 7ff7a6a37e44 _fread_nolock 14 API calls 15264->15268 15269 7ff7a6a2fe87 15265->15269 15266->15260 15267->15264 15268->15259 15269->15258 15269->15260 15271 7ff7a6a38714 _get_daylight 13 API calls 15270->15271 15272 7ff7a6a35a01 15271->15272 15273 7ff7a6a38714 _get_daylight 13 API calls 15272->15273 15274 7ff7a6a35a1a _fread_nolock 15273->15274 15274->15262 15276 7ff7a6a33b8d 15275->15276 15277 7ff7a6a33b91 15275->15277 15276->14825 15285 7ff7a6a33f14 15276->15285 15293 7ff7a6a3d128 GetEnvironmentStringsW 15277->15293 15280 7ff7a6a33b9e 15282 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 15280->15282 15282->15276 15284 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 15284->15280 15286 7ff7a6a33f2f 15285->15286 15291 7ff7a6a33f42 15285->15291 15286->14825 15287 7ff7a6a3a0a8 MultiByteToWideChar _fread_nolock 15287->15291 15288 7ff7a6a3961c _get_daylight 13 API calls 15288->15291 15289 7ff7a6a33fb8 15290 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 15289->15290 15290->15286 15291->15286 15291->15287 15291->15288 15291->15289 15292 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 15291->15292 15292->15291 15294 7ff7a6a3d14c 15293->15294 15295 7ff7a6a33b96 15293->15295 15296 7ff7a6a37e44 _fread_nolock 14 API calls 15294->15296 15295->15280 15300 7ff7a6a33ce8 15295->15300 15297 7ff7a6a3d186 memcpy_s 15296->15297 15298 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 
API calls 15297->15298 15299 7ff7a6a3d1a6 FreeEnvironmentStringsW 15298->15299 15299->15295 15301 7ff7a6a33d10 15300->15301 15302 7ff7a6a3961c _get_daylight 13 API calls 15301->15302 15313 7ff7a6a33d4b 15302->15313 15303 7ff7a6a33dc0 15304 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 15303->15304 15305 7ff7a6a33bab 15304->15305 15305->15284 15306 7ff7a6a3961c _get_daylight 13 API calls 15306->15313 15307 7ff7a6a33db1 15309 7ff7a6a33dfc 13 API calls 15307->15309 15308 7ff7a6a3b0cc _wfindfirst32i64 30 API calls 15308->15313 15310 7ff7a6a33db9 15309->15310 15311 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 15310->15311 15311->15303 15312 7ff7a6a33de8 15314 7ff7a6a35960 _wfindfirst32i64 17 API calls 15312->15314 15313->15303 15313->15306 15313->15307 15313->15308 15313->15312 15315 7ff7a6a35a80 Concurrency::details::SchedulerProxy::DeleteThis 13 API calls 15313->15315 15316 7ff7a6a33dfa 15314->15316 15315->15313 15318 7ff7a6a43009 __crtLCMapStringW 15317->15318 15319 7ff7a6a41662 15318->15319 15320 7ff7a6a398f8 6 API calls 15318->15320 15319->14849 15319->14850 15320->15319 15375 7ff7a6a29bb4 15398 7ff7a6a2a01c 15375->15398 15378 7ff7a6a29d0b 15513 7ff7a6a2a348 IsProcessorFeaturePresent 15378->15513 15379 7ff7a6a29bd5 __scrt_acquire_startup_lock 15381 7ff7a6a29d15 15379->15381 15383 7ff7a6a29bf3 15379->15383 15382 7ff7a6a2a348 7 API calls 15381->15382 15385 7ff7a6a29d20 15382->15385 15384 7ff7a6a29c18 15383->15384 15388 7ff7a6a29c35 __scrt_release_startup_lock 15383->15388 15498 7ff7a6a34108 15383->15498 15387 7ff7a6a29c9e 15406 7ff7a6a340b0 15387->15406 15388->15387 15502 7ff7a6a3444c 15388->15502 15391 7ff7a6a29ca3 15412 7ff7a6a21000 15391->15412 15395 7ff7a6a29cc7 15395->15385 15509 7ff7a6a2a1b0 15395->15509 15520 7ff7a6a2a5d4 15398->15520 15401 7ff7a6a29bcd 15401->15378 15401->15379 15402 7ff7a6a2a04b 15522 7ff7a6a34b10 15402->15522 15407 7ff7a6a340c0 15406->15407 15408 7ff7a6a340d5 15406->15408 
15407->15408 15409 7ff7a6a33b78 33 API calls 15407->15409 15408->15391 15410 7ff7a6a340de 15409->15410 15410->15408 15411 7ff7a6a33f14 14 API calls 15410->15411 15411->15408 15413 7ff7a6a21011 15412->15413 15565 7ff7a6a26390 15413->15565 15415 7ff7a6a21023 15576 7ff7a6a3069c 15415->15576 15420 7ff7a6a2285c 15422 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15420->15422 15423 7ff7a6a22870 15422->15423 15507 7ff7a6a2a49c GetModuleHandleW 15423->15507 15424 7ff7a6a2275b 15424->15420 15601 7ff7a6a25720 15424->15601 15426 7ff7a6a227a9 15427 7ff7a6a227f5 15426->15427 15428 7ff7a6a25720 83 API calls 15426->15428 15616 7ff7a6a25cc0 15427->15616 15430 7ff7a6a227ca 15428->15430 15430->15427 15736 7ff7a6a2f9e0 15430->15736 15435 7ff7a6a228ff 15437 7ff7a6a2292a 15435->15437 15776 7ff7a6a22690 15435->15776 15447 7ff7a6a2296d 15437->15447 15627 7ff7a6a268f0 15437->15627 15438 7ff7a6a219c0 106 API calls 15439 7ff7a6a22840 15438->15439 15443 7ff7a6a22882 15439->15443 15444 7ff7a6a22844 15439->15444 15440 7ff7a6a25cc0 80 API calls 15440->15427 15443->15435 15748 7ff7a6a22d70 15443->15748 15742 7ff7a6a21c40 15444->15742 15445 7ff7a6a2294a 15448 7ff7a6a22960 SetDllDirectoryW 15445->15448 15449 7ff7a6a2294f 15445->15449 15641 7ff7a6a24c10 15447->15641 15448->15447 15452 7ff7a6a21c40 77 API calls 15449->15452 15452->15420 15455 7ff7a6a229c8 15457 7ff7a6a24b90 14 API calls 15455->15457 15456 7ff7a6a228a4 15460 7ff7a6a21c40 77 API calls 15456->15460 15461 7ff7a6a229d2 15457->15461 15460->15420 15464 7ff7a6a22a86 15461->15464 15473 7ff7a6a229db 15461->15473 15645 7ff7a6a22520 15464->15645 15465 7ff7a6a228d7 15764 7ff7a6a2bce4 15465->15764 15471 7ff7a6a229be 15474 7ff7a6a24710 FreeLibrary 15471->15474 15472 7ff7a6a2299f 15804 7ff7a6a24430 15472->15804 15473->15420 15878 7ff7a6a222b0 15473->15878 15474->15455 15477 7ff7a6a229a9 15477->15471 15481 7ff7a6a229ad 15477->15481 15479 7ff7a6a25720 83 API calls 15485 7ff7a6a22ac7 15479->15485 15872 7ff7a6a24aa0 15481->15872 15482 7ff7a6a22a61 15486 
7ff7a6a24710 FreeLibrary 15482->15486 15485->15420 15666 7ff7a6a25d00 15485->15666 15487 7ff7a6a22a75 15486->15487 15488 7ff7a6a24b90 14 API calls 15487->15488 15488->15420 15499 7ff7a6a34157 15498->15499 15500 7ff7a6a3413d 15498->15500 15499->15388 15500->15499 17582 7ff7a6a2fbc4 15500->17582 15503 7ff7a6a34482 15502->15503 15504 7ff7a6a34470 15502->15504 17605 7ff7a6a34b5c 15503->17605 15504->15387 15508 7ff7a6a2a4ad 15507->15508 15508->15395 15510 7ff7a6a2a1c1 15509->15510 15511 7ff7a6a29cde 15510->15511 15512 7ff7a6a2b534 __scrt_initialize_crt 7 API calls 15510->15512 15511->15384 15512->15511 15514 7ff7a6a2a36e _wfindfirst32i64 memcpy_s 15513->15514 15515 7ff7a6a2a38d RtlCaptureContext RtlLookupFunctionEntry 15514->15515 15516 7ff7a6a2a3f2 memcpy_s 15515->15516 15517 7ff7a6a2a3b6 RtlVirtualUnwind 15515->15517 15518 7ff7a6a2a424 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15516->15518 15517->15516 15519 7ff7a6a2a476 _wfindfirst32i64 15518->15519 15519->15381 15521 7ff7a6a2a03e __scrt_dllmain_crt_thread_attach 15520->15521 15521->15401 15521->15402 15523 7ff7a6a3db68 15522->15523 15524 7ff7a6a2a050 15523->15524 15532 7ff7a6a36e18 15523->15532 15524->15401 15526 7ff7a6a2b534 15524->15526 15527 7ff7a6a2b53c 15526->15527 15528 7ff7a6a2b546 15526->15528 15544 7ff7a6a2b7b0 15527->15544 15528->15401 15543 7ff7a6a3af3c EnterCriticalSection 15532->15543 15545 7ff7a6a2b541 15544->15545 15546 7ff7a6a2b7bf 15544->15546 15548 7ff7a6a2b808 15545->15548 15552 7ff7a6a2b9d8 15546->15552 15549 7ff7a6a2b833 15548->15549 15550 7ff7a6a2b837 15549->15550 15551 7ff7a6a2b816 DeleteCriticalSection 15549->15551 15550->15528 15551->15549 15556 7ff7a6a2b840 15552->15556 15557 7ff7a6a2b884 try_get_function 15556->15557 15563 7ff7a6a2b95a TlsFree 15556->15563 15558 7ff7a6a2b8b2 LoadLibraryExW 15557->15558 15559 7ff7a6a2b949 GetProcAddress 15557->15559 15557->15563 15564 7ff7a6a2b8f5 LoadLibraryExW 15557->15564 15560 7ff7a6a2b929 15558->15560 15561 7ff7a6a2b8d3 
GetLastError 15558->15561 15559->15563 15560->15559 15562 7ff7a6a2b940 FreeLibrary 15560->15562 15561->15557 15562->15559 15564->15557 15564->15560 15568 7ff7a6a263af 15565->15568 15566 7ff7a6a26400 WideCharToMultiByte 15566->15568 15570 7ff7a6a264a7 15566->15570 15567 7ff7a6a263b7 15567->15415 15568->15566 15568->15567 15568->15570 15571 7ff7a6a26456 WideCharToMultiByte 15568->15571 15906 7ff7a6a21ca0 15570->15906 15571->15568 15571->15570 15572 7ff7a6a264d3 15573 7ff7a6a264f1 15572->15573 15575 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15572->15575 15574 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15573->15574 15574->15567 15575->15572 15579 7ff7a6a3a4bc 15576->15579 15577 7ff7a6a3a53f 15578 7ff7a6a35a60 _get_daylight 13 API calls 15577->15578 15580 7ff7a6a3a544 15578->15580 15579->15577 15581 7ff7a6a3a500 15579->15581 15582 7ff7a6a35940 _invalid_parameter_noinfo 30 API calls 15580->15582 15978 7ff7a6a3a398 15581->15978 15584 7ff7a6a2273b 15582->15584 15585 7ff7a6a21ae0 15584->15585 15586 7ff7a6a21af5 15585->15586 15587 7ff7a6a21b10 15586->15587 15986 7ff7a6a21c00 15586->15986 15587->15420 15589 7ff7a6a22c60 15587->15589 16007 7ff7a6a29a80 15589->16007 15592 7ff7a6a22c9b 15595 7ff7a6a21ca0 77 API calls 15592->15595 15593 7ff7a6a22cb2 16009 7ff7a6a26a00 15593->16009 15599 7ff7a6a22cae 15595->15599 15597 7ff7a6a21c40 77 API calls 15597->15599 15598 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15600 7ff7a6a22cef 15598->15600 15599->15598 15600->15424 15602 7ff7a6a2572a 15601->15602 15603 7ff7a6a268f0 79 API calls 15602->15603 15604 7ff7a6a2574c GetEnvironmentVariableW 15603->15604 15605 7ff7a6a25764 ExpandEnvironmentStringsW 15604->15605 15606 7ff7a6a257b6 15604->15606 15607 7ff7a6a26a00 79 API calls 15605->15607 15608 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15606->15608 15610 7ff7a6a2578c 15607->15610 15609 7ff7a6a257c8 15608->15609 15609->15426 15610->15606 15611 7ff7a6a25796 15610->15611 16020 7ff7a6a34b84 15611->16020 15614 7ff7a6a29a50 _wfindfirst32i64 8 API calls 
15615 7ff7a6a257ae 15614->15615 15615->15426 15617 7ff7a6a268f0 79 API calls 15616->15617 15618 7ff7a6a25cd7 SetEnvironmentVariableW 15617->15618 15619 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15618->15619 15620 7ff7a6a2280a 15619->15620 15621 7ff7a6a219c0 15620->15621 15622 7ff7a6a219f0 15621->15622 15626 7ff7a6a21a6a 15622->15626 16027 7ff7a6a217a0 15622->16027 15625 7ff7a6a2bce4 64 API calls 15625->15626 15626->15435 15626->15438 15628 7ff7a6a26997 MultiByteToWideChar 15627->15628 15629 7ff7a6a26911 MultiByteToWideChar 15627->15629 15631 7ff7a6a269ba 15628->15631 15632 7ff7a6a269df 15628->15632 15630 7ff7a6a26937 15629->15630 15636 7ff7a6a2695c 15629->15636 15633 7ff7a6a21ca0 77 API calls 15630->15633 15634 7ff7a6a21ca0 77 API calls 15631->15634 15632->15445 15635 7ff7a6a2694a 15633->15635 15637 7ff7a6a269cd 15634->15637 15635->15445 15636->15628 15638 7ff7a6a26972 15636->15638 15637->15445 15639 7ff7a6a21ca0 77 API calls 15638->15639 15640 7ff7a6a26985 15639->15640 15640->15445 15642 7ff7a6a24c25 15641->15642 15643 7ff7a6a22972 15642->15643 15644 7ff7a6a21c00 77 API calls 15642->15644 15643->15455 15780 7ff7a6a248f0 15643->15780 15644->15643 15646 7ff7a6a225d4 15645->15646 15654 7ff7a6a22593 15645->15654 15647 7ff7a6a22613 15646->15647 15648 7ff7a6a21aa0 65 API calls 15646->15648 15649 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15647->15649 15648->15646 15650 7ff7a6a22625 15649->15650 15650->15420 15655 7ff7a6a25c50 15650->15655 15654->15646 16080 7ff7a6a21440 15654->16080 16114 7ff7a6a21dc0 15654->16114 16158 7ff7a6a21770 15654->16158 15656 7ff7a6a268f0 79 API calls 15655->15656 15657 7ff7a6a25c6f 15656->15657 15658 7ff7a6a268f0 79 API calls 15657->15658 15659 7ff7a6a25c7f 15658->15659 15660 7ff7a6a31d2c 31 API calls 15659->15660 15661 7ff7a6a25c8d 15660->15661 15662 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15661->15662 15663 7ff7a6a25c97 15662->15663 15664 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15663->15664 15665 7ff7a6a22abb 15664->15665 15665->15479 15667 
7ff7a6a25d10 15666->15667 15668 7ff7a6a268f0 79 API calls 15667->15668 15669 7ff7a6a25d41 15668->15669 16783 7ff7a6a329bc 15669->16783 15672 7ff7a6a329bc 16 API calls 15673 7ff7a6a25d5a 15672->15673 15674 7ff7a6a329bc 16 API calls 15673->15674 15675 7ff7a6a25d64 15674->15675 15676 7ff7a6a329bc 16 API calls 15675->15676 15677 7ff7a6a25d6e GetStartupInfoW 15676->15677 15678 7ff7a6a25dbb 15677->15678 16801 7ff7a6a34bfc 15678->16801 15737 7ff7a6a35a80 15736->15737 15738 7ff7a6a227e9 15737->15738 15739 7ff7a6a35a85 RtlFreeHeap 15737->15739 15738->15440 15739->15738 15740 7ff7a6a35aa0 15739->15740 15741 7ff7a6a35a60 _get_daylight 13 API calls 15740->15741 15741->15738 15743 7ff7a6a21c5e 15742->15743 15744 7ff7a6a21b80 68 API calls 15743->15744 15745 7ff7a6a21c7c 15744->15745 15746 7ff7a6a21cf0 77 API calls 15745->15746 15747 7ff7a6a21c8b 15746->15747 15747->15420 15749 7ff7a6a22d7c 15748->15749 15750 7ff7a6a268f0 79 API calls 15749->15750 15751 7ff7a6a22da7 15750->15751 15752 7ff7a6a268f0 79 API calls 15751->15752 15753 7ff7a6a22dba 15752->15753 16848 7ff7a6a30c68 15753->16848 15756 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15757 7ff7a6a2289c 15756->15757 15757->15456 15758 7ff7a6a25f30 15757->15758 15763 7ff7a6a25f54 15758->15763 15759 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15760 7ff7a6a228d2 15759->15760 15760->15435 15760->15465 15761 7ff7a6a2602b 15761->15759 15762 7ff7a6a2c000 _fread_nolock 46 API calls 15762->15763 15763->15761 15763->15762 15765 7ff7a6a2bcfb 15764->15765 15766 7ff7a6a2bd19 15764->15766 15767 7ff7a6a35a60 _get_daylight 13 API calls 15765->15767 15772 7ff7a6a2bd0b 15766->15772 17289 7ff7a6a2fc20 EnterCriticalSection 15766->17289 15769 7ff7a6a2bd00 15767->15769 15770 7ff7a6a35940 _invalid_parameter_noinfo 30 API calls 15769->15770 15770->15772 15772->15456 15777 7ff7a6a226a7 15776->15777 15778 7ff7a6a226d0 15776->15778 15777->15778 15779 7ff7a6a21770 77 API calls 15777->15779 15778->15437 15779->15777 15781 7ff7a6a24914 15780->15781 15786 
7ff7a6a24941 15780->15786 15782 7ff7a6a2493c 15781->15782 15783 7ff7a6a21770 77 API calls 15781->15783 15785 7ff7a6a2298a 15781->15785 15781->15786 17290 7ff7a6a212b0 15782->17290 15783->15781 15785->15455 15791 7ff7a6a244a0 15785->15791 15786->15785 15787 7ff7a6a24a77 15786->15787 15789 7ff7a6a24a17 memcpy_s 15786->15789 15788 7ff7a6a21c40 77 API calls 15787->15788 15788->15785 15789->15785 15790 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15789->15790 15790->15785 15792 7ff7a6a244b3 memcpy_s 15791->15792 15797 7ff7a6a246ec 15792->15797 15800 7ff7a6a21440 144 API calls 15792->15800 15801 7ff7a6a246d5 15792->15801 15803 7ff7a6a245f6 15792->15803 17316 7ff7a6a21650 15792->17316 15794 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15795 7ff7a6a246b3 15794->15795 15796 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15795->15796 15798 7ff7a6a2299b 15796->15798 15799 7ff7a6a21c40 77 API calls 15797->15799 15798->15471 15798->15472 15799->15803 15800->15792 15802 7ff7a6a21c40 77 API calls 15801->15802 15802->15803 15803->15794 17321 7ff7a6a25ee0 15804->17321 15807 7ff7a6a25ee0 80 API calls 15808 7ff7a6a24455 15807->15808 15809 7ff7a6a2447a 15808->15809 15810 7ff7a6a2446d GetProcAddress 15808->15810 15811 7ff7a6a21c40 77 API calls 15809->15811 15814 7ff7a6a24d29 15810->15814 15815 7ff7a6a24d4c GetProcAddress 15810->15815 15813 7ff7a6a24486 15811->15813 15813->15477 15817 7ff7a6a21ca0 77 API calls 15814->15817 15815->15814 15816 7ff7a6a24d71 GetProcAddress 15815->15816 15816->15814 15818 7ff7a6a24d96 GetProcAddress 15816->15818 15819 7ff7a6a24d3c 15817->15819 15818->15814 15820 7ff7a6a24dbe GetProcAddress 15818->15820 15819->15477 15820->15814 15821 7ff7a6a24de6 GetProcAddress 15820->15821 15821->15814 15822 7ff7a6a24e0e GetProcAddress 15821->15822 15823 7ff7a6a24e2a 15822->15823 15824 7ff7a6a24e36 GetProcAddress 15822->15824 15823->15824 15825 7ff7a6a24e5e GetProcAddress 15824->15825 15826 7ff7a6a24e52 15824->15826 15827 7ff7a6a24e7a 15825->15827 15828 7ff7a6a24e86 GetProcAddress 
15825->15828 15826->15825 15827->15828 15829 7ff7a6a24eae GetProcAddress 15828->15829 15830 7ff7a6a24ea2 15828->15830 15831 7ff7a6a24eca 15829->15831 15832 7ff7a6a24ed6 GetProcAddress 15829->15832 15830->15829 15831->15832 15833 7ff7a6a24efe GetProcAddress 15832->15833 15834 7ff7a6a24ef2 15832->15834 15835 7ff7a6a24f1a 15833->15835 15836 7ff7a6a24f26 GetProcAddress 15833->15836 15834->15833 15835->15836 15837 7ff7a6a24f4e GetProcAddress 15836->15837 15838 7ff7a6a24f42 15836->15838 15839 7ff7a6a24f6a 15837->15839 15840 7ff7a6a24f76 GetProcAddress 15837->15840 15838->15837 15839->15840 15841 7ff7a6a24f9e GetProcAddress 15840->15841 15842 7ff7a6a24f92 15840->15842 15843 7ff7a6a24fba 15841->15843 15844 7ff7a6a24fc6 GetProcAddress 15841->15844 15842->15841 15843->15844 15845 7ff7a6a24fee GetProcAddress 15844->15845 15846 7ff7a6a24fe2 15844->15846 15847 7ff7a6a2500a 15845->15847 15848 7ff7a6a25016 GetProcAddress 15845->15848 15846->15845 15847->15848 15873 7ff7a6a24abd 15872->15873 15874 7ff7a6a21c40 77 API calls 15873->15874 15877 7ff7a6a229bc 15873->15877 15875 7ff7a6a24b09 15874->15875 15876 7ff7a6a24710 FreeLibrary 15875->15876 15876->15877 15877->15461 15879 7ff7a6a222bd 15878->15879 17326 7ff7a6a239b0 15879->17326 15883 7ff7a6a222f5 15895 7ff7a6a22352 15883->15895 17374 7ff7a6a23780 15883->17374 15884 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15885 7ff7a6a22509 15884->15885 15885->15482 15887 7ff7a6a22305 15887->15895 17385 7ff7a6a238b0 15887->17385 15890 7ff7a6a2235b 15893 7ff7a6a22374 15890->15893 15902 7ff7a6a2238a 15890->15902 15891 7ff7a6a22346 15892 7ff7a6a21c40 77 API calls 15891->15892 15892->15895 15894 7ff7a6a21c40 77 API calls 15893->15894 15894->15895 15895->15884 15896 7ff7a6a21770 77 API calls 15896->15902 15897 7ff7a6a212b0 106 API calls 15897->15902 15898 7ff7a6a224e1 15899 7ff7a6a21c40 77 API calls 15898->15899 15899->15895 15900 7ff7a6a224c4 15901 7ff7a6a21c40 77 API calls 15900->15901 15901->15895 15902->15895 15902->15896 15902->15897 
15902->15898 15902->15900 15903 7ff7a6a224ac 15902->15903 15904 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15902->15904 15905 7ff7a6a21c40 77 API calls 15903->15905 15904->15902 15905->15895 15913 7ff7a6a21cf0 15906->15913 15914 7ff7a6a21d00 15913->15914 15936 7ff7a6a26730 MultiByteToWideChar 15914->15936 15916 7ff7a6a21d60 15957 7ff7a6a21b80 15916->15957 15919 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15920 7ff7a6a21cc7 GetLastError 15919->15920 15921 7ff7a6a26240 15920->15921 15922 7ff7a6a2624c 15921->15922 15923 7ff7a6a26267 GetLastError 15922->15923 15924 7ff7a6a2626d FormatMessageW 15922->15924 15923->15924 15925 7ff7a6a262bc WideCharToMultiByte 15924->15925 15926 7ff7a6a262a0 15924->15926 15927 7ff7a6a262f6 15925->15927 15930 7ff7a6a262b3 15925->15930 15928 7ff7a6a21ca0 74 API calls 15926->15928 15929 7ff7a6a21ca0 74 API calls 15927->15929 15928->15930 15929->15930 15931 7ff7a6a29a50 _wfindfirst32i64 8 API calls 15930->15931 15932 7ff7a6a21cd4 15931->15932 15933 7ff7a6a21bd0 15932->15933 15934 7ff7a6a21cf0 77 API calls 15933->15934 15935 7ff7a6a21bf2 15934->15935 15935->15572 15937 7ff7a6a26779 15936->15937 15938 7ff7a6a26793 15936->15938 15939 7ff7a6a21ca0 73 API calls 15937->15939 15940 7ff7a6a267a9 15938->15940 15941 7ff7a6a267c3 MultiByteToWideChar 15938->15941 15954 7ff7a6a2678c 15939->15954 15942 7ff7a6a21ca0 73 API calls 15940->15942 15943 7ff7a6a26800 WideCharToMultiByte 15941->15943 15944 7ff7a6a267e6 15941->15944 15942->15954 15946 7ff7a6a26836 15943->15946 15949 7ff7a6a2682d 15943->15949 15945 7ff7a6a21ca0 73 API calls 15944->15945 15945->15954 15948 7ff7a6a2685b WideCharToMultiByte 15946->15948 15946->15949 15947 7ff7a6a21ca0 73 API calls 15950 7ff7a6a26898 15947->15950 15948->15949 15951 7ff7a6a268a4 15948->15951 15949->15947 15952 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15950->15952 15953 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 15951->15953 15952->15954 15955 7ff7a6a268ac 15953->15955 15954->15916 15955->15954 15956 7ff7a6a2f9e0 __vcrt_freefls 
14 API calls 15955->15956 15956->15954 15958 7ff7a6a21ba6 15957->15958 15961 7ff7a6a2f93c 15958->15961 15962 7ff7a6a2f977 15961->15962 15963 7ff7a6a2f962 15961->15963 15962->15963 15965 7ff7a6a2f97c 15962->15965 15964 7ff7a6a35a60 _get_daylight 13 API calls 15963->15964 15966 7ff7a6a2f967 15964->15966 15970 7ff7a6a2c5ac 15965->15970 15968 7ff7a6a35940 _invalid_parameter_noinfo 30 API calls 15966->15968 15969 7ff7a6a21bbc 15968->15969 15969->15919 15977 7ff7a6a2fc20 EnterCriticalSection 15970->15977 15985 7ff7a6a2fc20 EnterCriticalSection 15978->15985 15987 7ff7a6a21cf0 77 API calls 15986->15987 15988 7ff7a6a21c27 15987->15988 15991 7ff7a6a2fc94 15988->15991 16006 7ff7a6a32264 EnterCriticalSection 15991->16006 16008 7ff7a6a22c6c GetModuleFileNameW 16007->16008 16008->15592 16008->15593 16010 7ff7a6a26a92 WideCharToMultiByte 16009->16010 16011 7ff7a6a26a24 WideCharToMultiByte 16009->16011 16012 7ff7a6a26abf 16010->16012 16019 7ff7a6a22cc5 16010->16019 16013 7ff7a6a26a4e 16011->16013 16014 7ff7a6a26a65 16011->16014 16015 7ff7a6a21ca0 77 API calls 16012->16015 16016 7ff7a6a21ca0 77 API calls 16013->16016 16014->16010 16017 7ff7a6a26a7b 16014->16017 16015->16019 16016->16019 16018 7ff7a6a21ca0 77 API calls 16017->16018 16018->16019 16019->15597 16019->15599 16021 7ff7a6a34b9b 16020->16021 16024 7ff7a6a2579e 16020->16024 16022 7ff7a6a34c24 30 API calls 16021->16022 16021->16024 16023 7ff7a6a34bc8 16022->16023 16023->16024 16025 7ff7a6a35960 _wfindfirst32i64 17 API calls 16023->16025 16024->15614 16026 7ff7a6a34bf8 16025->16026 16028 7ff7a6a217d4 16027->16028 16029 7ff7a6a217c4 16027->16029 16031 7ff7a6a25f30 47 API calls 16028->16031 16053 7ff7a6a21832 16028->16053 16030 7ff7a6a22d70 106 API calls 16029->16030 16030->16028 16032 7ff7a6a21805 16031->16032 16034 7ff7a6a2183c 16032->16034 16035 7ff7a6a2181f 16032->16035 16032->16053 16033 7ff7a6a29a50 _wfindfirst32i64 8 API calls 16036 7ff7a6a219b0 16033->16036 16057 7ff7a6a2c000 16034->16057 16037 7ff7a6a21c00 77 API calls 
16035->16037 16036->15625 16036->15626 16037->16053 16039 7ff7a6a21857 16041 7ff7a6a21c00 77 API calls 16039->16041 16040 7ff7a6a21851 16040->16039 16042 7ff7a6a218ee 16040->16042 16043 7ff7a6a218d3 16040->16043 16041->16053 16045 7ff7a6a2c000 _fread_nolock 46 API calls 16042->16045 16044 7ff7a6a21c00 77 API calls 16043->16044 16044->16053 16046 7ff7a6a21903 16045->16046 16046->16039 16047 7ff7a6a21915 16046->16047 16060 7ff7a6a2bd74 16047->16060 16050 7ff7a6a2192d 16052 7ff7a6a21c40 77 API calls 16050->16052 16051 7ff7a6a21983 16051->16053 16055 7ff7a6a2bce4 64 API calls 16051->16055 16052->16053 16053->16033 16054 7ff7a6a21940 16054->16051 16056 7ff7a6a21c40 77 API calls 16054->16056 16055->16053 16056->16051 16066 7ff7a6a2c020 16057->16066 16061 7ff7a6a2bd7d 16060->16061 16062 7ff7a6a21929 16060->16062 16063 7ff7a6a35a60 _get_daylight 13 API calls 16061->16063 16062->16050 16062->16054 16064 7ff7a6a2bd82 16063->16064 16065 7ff7a6a35940 _invalid_parameter_noinfo 30 API calls 16064->16065 16065->16062 16067 7ff7a6a2c018 16066->16067 16068 7ff7a6a2c04a 16066->16068 16067->16040 16068->16067 16069 7ff7a6a2c059 memcpy_s 16068->16069 16070 7ff7a6a2c096 16068->16070 16073 7ff7a6a35a60 _get_daylight 13 API calls 16069->16073 16079 7ff7a6a2fc20 EnterCriticalSection 16070->16079 16074 7ff7a6a2c06e 16073->16074 16076 7ff7a6a35940 _invalid_parameter_noinfo 30 API calls 16074->16076 16076->16067 16162 7ff7a6a254b0 16080->16162 16082 7ff7a6a21454 16083 7ff7a6a21459 16082->16083 16171 7ff7a6a257d0 16082->16171 16083->15654 16086 7ff7a6a214a7 16088 7ff7a6a214e0 16086->16088 16090 7ff7a6a22d70 106 API calls 16086->16090 16087 7ff7a6a21487 16089 7ff7a6a21c00 77 API calls 16087->16089 16094 7ff7a6a21516 16088->16094 16095 7ff7a6a214f6 16088->16095 16091 7ff7a6a2149d 16089->16091 16092 7ff7a6a214bf 16090->16092 16091->15654 16092->16088 16093 7ff7a6a214c7 16092->16093 16096 7ff7a6a21c40 77 API calls 16093->16096 16098 7ff7a6a2151c 16094->16098 16099 7ff7a6a21534 16094->16099 16097 
7ff7a6a21c00 77 API calls 16095->16097 16106 7ff7a6a214d6 16096->16106 16097->16106 16187 7ff7a6a21050 16098->16187 16101 7ff7a6a21556 16099->16101 16112 7ff7a6a21575 16099->16112 16103 7ff7a6a21c00 77 API calls 16101->16103 16102 7ff7a6a21624 16105 7ff7a6a2bce4 64 API calls 16102->16105 16103->16106 16104 7ff7a6a2bce4 64 API calls 16104->16102 16105->16091 16106->16102 16106->16104 16107 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 16107->16106 16108 7ff7a6a2c000 _fread_nolock 46 API calls 16108->16112 16109 7ff7a6a215d5 16111 7ff7a6a21c00 77 API calls 16109->16111 16113 7ff7a6a215d3 16111->16113 16112->16108 16112->16109 16112->16113 16209 7ff7a6a2c528 16112->16209 16113->16107 16116 7ff7a6a21dd6 16114->16116 16115 7ff7a6a221f9 16116->16115 16596 7ff7a6a22210 16116->16596 16119 7ff7a6a21f17 16121 7ff7a6a254b0 113 API calls 16119->16121 16120 7ff7a6a22210 55 API calls 16123 7ff7a6a21f13 16120->16123 16122 7ff7a6a21f1f 16121->16122 16124 7ff7a6a21f3c 16122->16124 16602 7ff7a6a25390 16122->16602 16123->16119 16125 7ff7a6a21f85 16123->16125 16128 7ff7a6a21c40 77 API calls 16124->16128 16157 7ff7a6a21f56 16124->16157 16127 7ff7a6a22210 55 API calls 16125->16127 16129 7ff7a6a21fae 16127->16129 16128->16157 16130 7ff7a6a22008 16129->16130 16132 7ff7a6a22210 55 API calls 16129->16132 16130->16124 16131 7ff7a6a254b0 113 API calls 16130->16131 16137 7ff7a6a22018 16131->16137 16133 7ff7a6a21fdb 16132->16133 16133->16130 16136 7ff7a6a22210 55 API calls 16133->16136 16134 7ff7a6a29a50 _wfindfirst32i64 8 API calls 16135 7ff7a6a21f7a 16134->16135 16135->15654 16136->16130 16137->16124 16138 7ff7a6a21ae0 77 API calls 16137->16138 16139 7ff7a6a22136 16137->16139 16143 7ff7a6a2206f 16138->16143 16139->16124 16148 7ff7a6a2214e 16139->16148 16140 7ff7a6a221d2 16141 7ff7a6a21c40 77 API calls 16140->16141 16142 7ff7a6a22131 16141->16142 16144 7ff7a6a21aa0 65 API calls 16142->16144 16143->16124 16143->16140 16147 7ff7a6a220fc 16143->16147 16144->16124 16145 7ff7a6a21440 144 API calls 

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                      • API String ID: 435049134-239921721
                                                                      • Opcode ID: 289b7911eccad2a52efd7da51d1f57dfc73dc1ed85fccdbcca32d199a79b90f4
                                                                      • Instruction ID: 2ea6cc6ab07c9b6828deb7238fdb0349c66deacc698492005c2f626bc9295fe7
                                                                      • Opcode Fuzzy Hash: 289b7911eccad2a52efd7da51d1f57dfc73dc1ed85fccdbcca32d199a79b90f4
                                                                      • Instruction Fuzzy Hash: 82B1DE26B1A64286E724FF229C44DBBE751BB84F84F824135EA1D43AB5FF3CE4419760

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetTempPathW.KERNEL32(?,00000000,?,00007FF7A6A254DD), ref: 00007FF7A6A255AA
                                                                      • GetCurrentProcessId.KERNEL32(?,00007FF7A6A254DD), ref: 00007FF7A6A255B0
                                                                        • Part of subcall function 00007FF7A6A25720: GetEnvironmentVariableW.KERNEL32(00007FF7A6A227A9,?,?,?,?,?,?), ref: 00007FF7A6A2575A
                                                                        • Part of subcall function 00007FF7A6A25720: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A25777
                                                                        • Part of subcall function 00007FF7A6A31D2C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A31D45
                                                                      • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7A6A25661
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                      • API String ID: 1556224225-1116378104
                                                                      • Opcode ID: a4143d449f45a2d55185fc0d39921d28cfa390b312b1d4149aeb65c3b8ee1789
                                                                      • Instruction ID: f2181bef5f45847e4ea44a47ed83bf2fd3e77b65540113da88d9445e29118024
                                                                      • Opcode Fuzzy Hash: a4143d449f45a2d55185fc0d39921d28cfa390b312b1d4149aeb65c3b8ee1789
                                                                      • Instruction Fuzzy Hash: 0751D111B8BA4205FA54BB32AD56ABBD2426F49FC0FC65031ED0E577B7FD2CE4018620

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$FreeHeapInformationTimeZone
                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                      • API String ID: 428190724-239921721
                                                                      • Opcode ID: e31d391355a60347e85957ebf629cf85b652fb12ef31f6c8995b07e6d652033a
                                                                      • Instruction ID: 65b4e4adeb237cccbeae1c7d88672b318178c0d710e04043b789d61be2fea7af
                                                                      • Opcode Fuzzy Hash: e31d391355a60347e85957ebf629cf85b652fb12ef31f6c8995b07e6d652033a
                                                                      • Instruction Fuzzy Hash: 65616036A1A64286E720FF31DD84DAAE761BB48F84FC24135EA5D436B5EF3CE4408760
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5a334aba6cdbb6ada83db0c6b50709877fa36651390fbe7af09ee35bd31ed791
                                                                      • Instruction ID: 5064d99e4837e7f9c6808c3efe26006857e97e009a09521ea6bc44811b99d95a
                                                                      • Opcode Fuzzy Hash: 5a334aba6cdbb6ada83db0c6b50709877fa36651390fbe7af09ee35bd31ed791
                                                                      • Instruction Fuzzy Hash: B102C16AE0B74641FA58BB159D44A7BE681AF11FA0FCA4635DE2D473F1FE3CA4018321

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                      • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                      • API String ID: 3405171723-4158440160
                                                                      • Opcode ID: 94e9ae4d05e3b80ef125e547ae21527a307ad1ee17ce408eb75a1a2d0c5c72d6
                                                                      • Instruction ID: 80f922ac6394733db2ff00f830f87463ea3d0e097dba01f7e94921de5d19e0f8
                                                                      • Opcode Fuzzy Hash: 94e9ae4d05e3b80ef125e547ae21527a307ad1ee17ce408eb75a1a2d0c5c72d6
                                                                      • Instruction Fuzzy Hash: D8519271A4AA0282EB54EF34D85097AA3A1FF48F58B928135DA0D937B5EF3CE850C750

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                      • API String ID: 0-666925554
                                                                      • Opcode ID: 567eab59eb8cfd28fa85d8844abf4a434448422a28ccf1ebf7e7345fea355daa
                                                                      • Instruction ID: e6021951a7079e9ced596f80202d2db442a8ee715287317add5965dd6cc8913e
                                                                      • Opcode Fuzzy Hash: 567eab59eb8cfd28fa85d8844abf4a434448422a28ccf1ebf7e7345fea355daa
                                                                      • Instruction Fuzzy Hash: A3516B61A8AA4281EA10AB219C44EBBE352BF45FD4FC64531DF1D176B5FE3CE944C720

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                      • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                      • API String ID: 4998090-2855260032
                                                                      • Opcode ID: f200632806bf57d1e373f95f718664a08f6e4520c7bf99548384cd27e76402ad
                                                                      • Instruction ID: 9a4f90df1d50e7e5310f36a24424b25d59c3c1ee92c7e95d1212143f08a48857
                                                                      • Opcode Fuzzy Hash: f200632806bf57d1e373f95f718664a08f6e4520c7bf99548384cd27e76402ad
                                                                      • Instruction Fuzzy Hash: 6941863161AA4286E750AF21EC44AABE362FF84F94F851231EA5E466F9EF3CD444C750

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                      • String ID:
                                                                      • API String ID: 1330151763-0
                                                                      • Opcode ID: ec83095cb1667d9f6de31c98f1b7a8ee4c2046d418af891938abd2368e94f20e
                                                                      • Instruction ID: 4b5d762d2bd6f5fc80969a02ce347df30a771661f426c32372d8bced389ec299
                                                                      • Opcode Fuzzy Hash: ec83095cb1667d9f6de31c98f1b7a8ee4c2046d418af891938abd2368e94f20e
                                                                      • Instruction Fuzzy Hash: 6DC1C336B15A4185EB54DF68C894ABE7760FB48F98B920235DB2E477E4EF38D451C320

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 00007FF7A6A22C60: GetModuleFileNameW.KERNEL32(?,00007FF7A6A2275B,?,?,?,?,?,?), ref: 00007FF7A6A22C91
                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF7A6A22967
                                                                        • Part of subcall function 00007FF7A6A25720: GetEnvironmentVariableW.KERNEL32(00007FF7A6A227A9,?,?,?,?,?,?), ref: 00007FF7A6A2575A
                                                                        • Part of subcall function 00007FF7A6A25720: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A25777
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                      • API String ID: 2344891160-3602715111
                                                                      • Opcode ID: 0497e8903818094e7f48e37b0bb12b17621dd4fc1e4910c9c703c68c7e59b529
                                                                      • Instruction ID: e20244ef909c4a40af135c77101a53b1962eb94db39c0f4305bc89333932c026
                                                                      • Opcode Fuzzy Hash: 0497e8903818094e7f48e37b0bb12b17621dd4fc1e4910c9c703c68c7e59b529
                                                                      • Instruction Fuzzy Hash: 4EC18621A5E68341EA24BB31DC51AFF9252BF44F84FC24031EA4E676B6FF2CE5158720

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                      • API String ID: 0-1060636955
                                                                      • Opcode ID: efa239e9025173d23259f98722e1c79e72f19e9472cd7fb0ed22f2d1162737aa
                                                                      • Instruction ID: ce66be349519f8286ab1a3678d8d287d589959e855058b4aafbb873b8b03515a
                                                                      • Opcode Fuzzy Hash: efa239e9025173d23259f98722e1c79e72f19e9472cd7fb0ed22f2d1162737aa
                                                                      • Instruction Fuzzy Hash: 7551FA62A4A68241E620BB21DC40BBBA292FB45F94FC64135EF4D577B5FE3CE854C710

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 00007FF7A6A268F0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A2692A
                                                                        • Part of subcall function 00007FF7A6A329BC: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7A6A34C9C), ref: 00007FF7A6A32A29
                                                                        • Part of subcall function 00007FF7A6A329BC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7A6A34C9C), ref: 00007FF7A6A32A44
                                                                      • GetStartupInfoW.KERNEL32 ref: 00007FF7A6A25D87
                                                                        • Part of subcall function 00007FF7A6A34BFC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A34C10
                                                                        • Part of subcall function 00007FF7A6A32570: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A325D7
                                                                      • GetCommandLineW.KERNEL32 ref: 00007FF7A6A25E0F
                                                                      • CreateProcessW.KERNELBASE ref: 00007FF7A6A25E51
                                                                      • WaitForSingleObject.KERNEL32 ref: 00007FF7A6A25E65
                                                                      • GetExitCodeProcess.KERNELBASE ref: 00007FF7A6A25E75
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                      • String ID: CreateProcessW$Error creating child process!
                                                                      • API String ID: 1742298069-3524285272
                                                                      • Opcode ID: 373b3e8cc1eb22f577014b8311e17748376db8fb731b9fc5a1d19a15b41eafec
                                                                      • Instruction ID: 51e9eb4b755bdf8853ab2b52fb8b9b310c14cf89ceaf210a004d751f8475e9e1
                                                                      • Opcode Fuzzy Hash: 373b3e8cc1eb22f577014b8311e17748376db8fb731b9fc5a1d19a15b41eafec
                                                                      • Instruction Fuzzy Hash: 7E418332A0978186D724EB64E8556ABF3A1FF94B50F814139E69E07BB6EF3CD0448B50

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 981d71d40f2eaa25e349e7f88eabfe090b2edca283c4b78cc681822f7ba371c0
                                                                      • Instruction ID: fa97b97fb2010acd2a57e1855b10f43e69c11d28585b23d7f30b2ae3c304cd45
                                                                      • Opcode Fuzzy Hash: 981d71d40f2eaa25e349e7f88eabfe090b2edca283c4b78cc681822f7ba371c0
                                                                      • Instruction Fuzzy Hash: A1C1F62AA0EB8281E7686B159C44ABBE760FB45F84FC61131DA4E077B1EF7CE455C360

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A3783E
                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A377BB,?,?,?,00007FF7A6A37BAE), ref: 00007FF7A6A378FC
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A377BB,?,?,?,00007FF7A6A37BAE), ref: 00007FF7A6A37986
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2210144848-0
                                                                      • Opcode ID: ebfacf7f234232937329807152f3a504317d623b91edc3017981ea161f13b768
                                                                      • Instruction ID: 8fd381459aa4cc125d696c30ecd4f669a30b41b5ae518f0964ce2e9bcf9435a9
                                                                      • Opcode Fuzzy Hash: ebfacf7f234232937329807152f3a504317d623b91edc3017981ea161f13b768
                                                                      • Instruction Fuzzy Hash: E781B12AE1A61285F75ABF648C41ABAA660BF44F84FC60135DE0E577B1EE3CE441C334

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _get_daylight$_isindst
                                                                      • String ID:
                                                                      • API String ID: 4170891091-0
                                                                      • Opcode ID: de942fe982c5fba56272b38e48463b02f24d8f0182388240c09cc8d3f0996e48
                                                                      • Instruction ID: a5614f703f5f6e55691f9442fc7333914aacea2776e223c7baebf07284ddd188
                                                                      • Opcode Fuzzy Hash: de942fe982c5fba56272b38e48463b02f24d8f0182388240c09cc8d3f0996e48
                                                                      • Instruction Fuzzy Hash: E451E77AF0662289EB18EF649D459BEF761EB00B58F920135DE1E13AF5EF38A401C710

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 1321466686-0
                                                                      • Opcode ID: 91ed4a23901f49b38d892b78655deed3059dcdf9633e9544a7a7d3b755c62e70
                                                                      • Instruction ID: ca2ee6b96a8dfaf3fc71dbf7d4dfb3e0b462a14065c491b4729596cc0d5c054e
                                                                      • Opcode Fuzzy Hash: 91ed4a23901f49b38d892b78655deed3059dcdf9633e9544a7a7d3b755c62e70
                                                                      • Instruction Fuzzy Hash: 4D313B21A4E60345FA14BB319D15BBBD292AF45F84FC64034EA4E272F7EE6DF4058271

                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2907017715-0
                                                                      • Opcode ID: e5833f752b609c99807019a65a119527bad9e9cb99de857d0c4f2af084ab9fcd
                                                                      • Instruction ID: 871339b03384fd5fe8e403719f185094df34e9a9eb12346045c74bc6e8dea4b6
                                                                      • Opcode Fuzzy Hash: e5833f752b609c99807019a65a119527bad9e9cb99de857d0c4f2af084ab9fcd
                                                                      • Instruction Fuzzy Hash: 5231E672E09B4146E654AF249D0066BB650FF55FA0F554335EB6D03AF2EF3CE1A08B60
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: 604c1ad190159064f8d0d9f17bd79febb7bb51acc42eb22ba23c993cd3b9a3ca
                                                                      • Instruction ID: 5904a7f30b07915eba4145f7e38c454322dab89981b62fc9aefc80f04f7f8908
                                                                      • Opcode Fuzzy Hash: 604c1ad190159064f8d0d9f17bd79febb7bb51acc42eb22ba23c993cd3b9a3ca
                                                                      • Instruction Fuzzy Hash: 5FE01224A1570283E6187B209C99B7AA251EF84F41F914438C50E033B6ED3DE4444230
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: try_get_function
                                                                      • String ID: AppPolicyGetProcessTerminationMethod
                                                                      • API String ID: 2742660187-2031265017
                                                                      • Opcode ID: 4bcc9b3ccb7240cf48817a96642029c3a2284b7926d128bd08fd199ae4dc2826
                                                                      • Instruction ID: 08e127e44e02f331e131e06fa25e1ba07e7821ffc4f302e041f780801068222f
                                                                      • Opcode Fuzzy Hash: 4bcc9b3ccb7240cf48817a96642029c3a2284b7926d128bd08fd199ae4dc2826
                                                                      • Instruction Fuzzy Hash: 84E04F91E0790691FB0867A1AC149B292519F9CBB0EC95331D93D063F0BE2CAA958220
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 551a24d3dd0432e0cadfa337d9e17c8f920c54420629120b7131c68249c0f4c1
                                                                      • Instruction ID: e8e8c8132704e8ce4654bdaceca7ab9b9398babfbafb9ced80ef3350d87048e6
                                                                      • Opcode Fuzzy Hash: 551a24d3dd0432e0cadfa337d9e17c8f920c54420629120b7131c68249c0f4c1
                                                                      • Instruction Fuzzy Hash: D551F963B4A64147E628BF359800E7BE692BF44F68F964230DE6D277F5EE3CD4418620
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FileHandleType
                                                                      • String ID:
                                                                      • API String ID: 3000768030-0
                                                                      • Opcode ID: 2ca9993425302d11335e1652840a998e65625aa6a18f41d6fdad1bdfd07849ae
                                                                      • Instruction ID: cf08fdb3ecaf4bdefdf5532dbbf9d0f38bbf5b56b9ac7984c225dbf8162ff96f
                                                                      • Opcode Fuzzy Hash: 2ca9993425302d11335e1652840a998e65625aa6a18f41d6fdad1bdfd07849ae
                                                                      • Instruction Fuzzy Hash: 2031D625919F4181D768AB14889057AA690FB45FF0BB92339DB5E073F4DF38E461C350
                                                                      APIs
                                                                      • SetFilePointerEx.KERNELBASE(?,?,?,00007FF7A6A37893,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A377BB), ref: 00007FF7A6A36BB4
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A6A37893,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A377BB), ref: 00007FF7A6A36BBE
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID:
                                                                      • API String ID: 2976181284-0
                                                                      • Opcode ID: 41cc6d5bdf9a5dc440c86a1a687a0af25ce893ca5a364656609af41169203595
                                                                      • Instruction ID: e06361fcb7c6486fef855c88c465b40cf1e0dddd2804b9310880a108d291668f
                                                                      • Opcode Fuzzy Hash: 41cc6d5bdf9a5dc440c86a1a687a0af25ce893ca5a364656609af41169203595
                                                                      • Instruction Fuzzy Hash: A901E565A19A4241DE14AF29EC5447AA250AF80FF0FD55332EA3E0B7F5EE3CD0518710
                                                                      APIs
                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A31E79), ref: 00007FF7A6A3201F
                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A31E79), ref: 00007FF7A6A32035
                                                                      Similarity
                                                                      • API ID: Time$System$FileLocalSpecific
                                                                      • String ID:
                                                                      • API String ID: 1707611234-0
                                                                      • Opcode ID: b18125e20a1e2ba925058f83071bc2487be3eabcc88ef42b81c8011cb6cdde60
                                                                      • Instruction ID: 2d8773cfdcfafa1dab440fd8065d683ff66850eea27a894ab06f2e7b50fbc834
                                                                      • Opcode Fuzzy Hash: b18125e20a1e2ba925058f83071bc2487be3eabcc88ef42b81c8011cb6cdde60
                                                                      • Instruction Fuzzy Hash: 4F01822190D65182E754AF15A81167BF7A1FB45F61F910235EBAA019E8EF3DD504CB20
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: DeleteErrorFileLast
                                                                      • String ID:
                                                                      • API String ID: 2018770650-0
                                                                      • Opcode ID: 3d5f388094d554e5b907e340325ba5e4d3dfc10fe9410171b82905a9f964b27c
                                                                      • Instruction ID: 4665cfaea642ac8f1b11aae94825192c1c0dd239ea5c619802dcca1074fe811e
                                                                      • Opcode Fuzzy Hash: 3d5f388094d554e5b907e340325ba5e4d3dfc10fe9410171b82905a9f964b27c
                                                                      • Instruction Fuzzy Hash: 32D0C918E1A90382E6583FB62C4997A95902F84F25FE20671D12B812F1FD1CA0450131
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: DirectoryErrorLastRemove
                                                                      • String ID:
                                                                      • API String ID: 377330604-0
                                                                      • Opcode ID: 77c683b4d68b45f4be7a2c4bac88b4a7fdb006305fcdfb478ed2cf995d574903
                                                                      • Instruction ID: 043d52c43bb291826ff25e5aa11ce7591cef6c97689a111a5be322409c1409f0
                                                                      • Opcode Fuzzy Hash: 77c683b4d68b45f4be7a2c4bac88b4a7fdb006305fcdfb478ed2cf995d574903
                                                                      • Instruction Fuzzy Hash: F8D01218F1F90381E6583BF55C4997BA1D4AF45F75FE30631C12A811F0FE2CA4450131
                                                                      APIs
                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF7A6A35B0B,?,?,00000000,00007FF7A6A35BB3,?,?,?,?,?,?,00007FF7A6A2BCB2), ref: 00007FF7A6A35C3E
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A6A35B0B,?,?,00000000,00007FF7A6A35BB3,?,?,?,?,?,?,00007FF7A6A2BCB2), ref: 00007FF7A6A35C48
                                                                      Similarity
                                                                      • API ID: CloseErrorHandleLast
                                                                      • String ID:
                                                                      • API String ID: 918212764-0
                                                                      • Opcode ID: 2c590a4e6f3ae4dbfeb2fe714c046f3b22d8df01d646a30b40b750db35e5ac70
                                                                      • Instruction ID: c7ae6ca3dd08207581636b1de89bd5d65c8822168e73eb547bb0e3939bcd92e0
                                                                      • Opcode Fuzzy Hash: 2c590a4e6f3ae4dbfeb2fe714c046f3b22d8df01d646a30b40b750db35e5ac70
                                                                      • Instruction Fuzzy Hash: 8011DA19F0A94201EE9C77699D98A7F92815F40FA8FD60235DB2E463F2FD6CF4444321
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide_findclose
                                                                      • String ID:
                                                                      • API String ID: 2772937645-0
                                                                      • Opcode ID: e40058849c3030b66bb1182060c9903a54835247b34d9d3b3a9b1a6aee2fdf25
                                                                      • Instruction ID: d38b1ef19fa98b4b8b1323736f8cdf115d57675f4c8fc9391a5196b43ea0f5a4
                                                                      • Opcode Fuzzy Hash: e40058849c3030b66bb1182060c9903a54835247b34d9d3b3a9b1a6aee2fdf25
                                                                      • Instruction Fuzzy Hash: 3771A452E19BC581E611DB2CC9452FDA360F7A9B4CF95E321DB9D125A2FF28E2C9C310
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _fread_nolock
                                                                      • String ID:
                                                                      • API String ID: 840049012-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                      • String ID:
                                                                      • API String ID: 3947729631-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CriticalDeleteSection
                                                                      • String ID:
                                                                      • API String ID: 166494926-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0
                                                                      APIs
                                                                        • Part of subcall function 00007FF7A6A32B98: DeleteFileW.KERNELBASE ref: 00007FF7A6A32B9C
                                                                        • Part of subcall function 00007FF7A6A32B98: GetLastError.KERNEL32 ref: 00007FF7A6A32BA6
                                                                      • Sleep.KERNEL32(0000000100000000,00007FF7A6A25B4E,00000000,00007FF7A6A22B17), ref: 00007FF7A6A261AA
                                                                      Similarity
                                                                      • API ID: DeleteErrorFileLastSleep
                                                                      • String ID:
                                                                      • API String ID: 3792865491-0
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF7A6A38771,?,?,00000000,00007FF7A6A35A69,?,?,?,?,00007FF7A6A35AA5), ref: 00007FF7A6A39671
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF7A6A37DB2,?,?,?,00007FF7A6A2CFD7), ref: 00007FF7A6A37E82
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressProc$LibraryLoad
                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                      • API String ID: 2238633743-1453502826
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                      • API String ID: 808467561-2761157908
                                                                      • Opcode ID: 5135e5703d37c5865472e7b2a2e93ec89a3dddd2b8ad30d1fe392de7e7542cd9
                                                                      • Instruction ID: 2c1c5c8ae528cb2d414ca767b24bbdcb7e551a639d7f09352c6ceaa836ba5bab
                                                                      • Opcode Fuzzy Hash: 5135e5703d37c5865472e7b2a2e93ec89a3dddd2b8ad30d1fe392de7e7542cd9
                                                                      • Instruction Fuzzy Hash: F1B20A76E192828BE7689F24D840FFEB7A1FB44B44F915136DA0D57AA4EF38E500CB50
                                                                      APIs
                                                                      • GetLastError.KERNEL32(WideCharToMultiByte,00007FF7A6A21CD4,?,?,00000000,00007FF7A6A264D3), ref: 00007FF7A6A26267
                                                                      • FormatMessageW.KERNEL32 ref: 00007FF7A6A26296
                                                                      • WideCharToMultiByte.KERNEL32 ref: 00007FF7A6A262EC
                                                                        • Part of subcall function 00007FF7A6A21CA0: GetLastError.KERNEL32(?,?,00000000,00007FF7A6A264D3,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A21CC7
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                      • API String ID: 2383786077-2573406579
                                                                      • Opcode ID: dc4727422a37a02894a74cd336e2ee312bb4ca75c354a3049dbd56d3962054dc
                                                                      • Instruction ID: 4cf7bed591538f6943428486733e34ca6edf76d2193218053454d142851d0781
                                                                      • Opcode Fuzzy Hash: dc4727422a37a02894a74cd336e2ee312bb4ca75c354a3049dbd56d3962054dc
                                                                      • Instruction Fuzzy Hash: A0217171A0AA8282E721AB21EC54A7BA261FF98B84FC15135D64E526B4FF3CE505C720
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                      • API String ID: 0-2665694366
                                                                      • Opcode ID: 66869773a93ff39642b1fe0734a5cc665f034a69a33067740397195052c0e900
                                                                      • Instruction ID: 89b0072e811b1afa57276ce7503d0aef65490ac507fea601f063387a117bcbb0
                                                                      • Opcode Fuzzy Hash: 66869773a93ff39642b1fe0734a5cc665f034a69a33067740397195052c0e900
                                                                      • Instruction Fuzzy Hash: EE523772A192A687D7959F24D848E7FB7AEFB84700F424139E649537E0EB3CD944CB10
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 3140674995-0
                                                                      • Opcode ID: d94639060063afa1d899b94e8cd31f04fef57491b3cbb55aa90edf4c43d56219
                                                                      • Instruction ID: aa92f14a75a441ddb129e7da736c20560db0214b96596e3d11da6554d145d41c
                                                                      • Opcode Fuzzy Hash: d94639060063afa1d899b94e8cd31f04fef57491b3cbb55aa90edf4c43d56219
                                                                      • Instruction Fuzzy Hash: D4316476605B818AE760AF64EC447EEB361FB84B48F854039DB4E57AA4EF3CD548C720
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 26269e3056d1f925b7a7667a3443d8932a568aa52e05f6313a22960a7162fdfa
                                                                      • Instruction ID: ce848e067501738393c6080bfd54355861ef0aa4dc479ed12094e8b80a3a533f
                                                                      • Opcode Fuzzy Hash: 26269e3056d1f925b7a7667a3443d8932a568aa52e05f6313a22960a7162fdfa
                                                                      • Instruction Fuzzy Hash: E1A1F766B1A68141EB54EB629C049BBE390FB44FD4F825132DE5E07BA4EF3CD4459320
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      • Opcode ID: 89dd4c727fdbf041b383a489a74d35900f035f9cda0a6efefbf374b83f5cf37e
                                                                      • Instruction ID: 2f1b84cda14d49dd09717fe6da6d77ec35ba086fdafa812819b508d4f25cf47c
                                                                      • Opcode Fuzzy Hash: 89dd4c727fdbf041b383a489a74d35900f035f9cda0a6efefbf374b83f5cf37e
                                                                      • Instruction Fuzzy Hash: B7315E36619F8186D760DF25EC446AEB3A4FB84B58F950136EB9D43B64EF38C1458B10
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                      • String ID:
                                                                      • API String ID: 1443284424-0
                                                                      • Opcode ID: 8fcc9bebde8f2a519f1877469d9fdba70d2c88efaa41e7a30dba45e7d82c7fde
                                                                      • Instruction ID: 4c73db70f5c3db43ab62c9ff210502d7600e28adc3b71d70e3d94b7f45c41076
                                                                      • Opcode Fuzzy Hash: 8fcc9bebde8f2a519f1877469d9fdba70d2c88efaa41e7a30dba45e7d82c7fde
                                                                      • Instruction Fuzzy Hash: 88E13376B097818AE705DF64D8409AEBBB1FB45BC8F914132DE4E57BA8EE38D416C310
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                      • String ID: ?
                                                                      • API String ID: 1286766494-1684325040
                                                                      • Opcode ID: f5eb6d684dffabd74ec42e139fd823b653bef6b6df43b219e8c3657c0195292b
                                                                      • Instruction ID: b10c85d2fda3a54cfcb8413dfdb3d179227f7c85463850f6b8d9b15b9ed1c752
                                                                      • Opcode Fuzzy Hash: f5eb6d684dffabd74ec42e139fd823b653bef6b6df43b219e8c3657c0195292b
                                                                      • Instruction Fuzzy Hash: 76911426F1A65286EB24BF258C04A7BA651EF91FD4F964031EE5C07AE5EF3CD841C360
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                                                                      • API String ID: 0-4074041902
                                                                      • Opcode ID: 3d8862f2d5b2443b23b128d21148e46018ccd4da962be764f44416533516f136
                                                                      • Instruction ID: 6825f50ed5f5094ed7b93be02576a4f76012a388d7ebd60dc4f2738fc9eb2294
                                                                      • Opcode Fuzzy Hash: 3d8862f2d5b2443b23b128d21148e46018ccd4da962be764f44416533516f136
                                                                      • Instruction Fuzzy Hash: 74F1D6B264938547E796AB25C888E3FBBAAFF44B40F464538EA4D173B0EB38D544C750
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: memcpy_s
                                                                      • String ID:
                                                                      • API String ID: 1502251526-0
                                                                      • Opcode ID: 61c8d48a73c74d7b2b5693099c23eccbf95a4682f3061de545b2f75f73c9d44c
                                                                      • Instruction ID: 19d1b5d258711e842fc609a9eb7bbcddcddba0eef678f968108373cc6dde90a1
                                                                      • Opcode Fuzzy Hash: 61c8d48a73c74d7b2b5693099c23eccbf95a4682f3061de545b2f75f73c9d44c
                                                                      • Instruction Fuzzy Hash: F9C13876B1928687DB28DF59E544A6BF791F788B84F858136DB4E43794EE3DE800CB00
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                      • API String ID: 0-3255898291
                                                                      • Opcode ID: d53abae9d5fbfeca9595b1b696d8b6dfc7085172eeed188670124711799d60a9
                                                                      • Instruction ID: 220bc4bd8e01f06f90d3d66dd680364d111a5ec27e4940c74483dbf847e4dbb3
                                                                      • Opcode Fuzzy Hash: d53abae9d5fbfeca9595b1b696d8b6dfc7085172eeed188670124711799d60a9
                                                                      • Instruction Fuzzy Hash: 26D18833A0D1C18BD3199F3AD844A7EBBE2E790B50F458139EA9A537E1EA3CD509C710
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: incorrect header check$invalid window size$unknown compression method
                                                                      • API String ID: 0-1186847913
                                                                      • Opcode ID: 61d1fc7ad880a7107d569ffd0a15ad3637e1b83e02328f62483173dd0baa07b2
                                                                      • Instruction ID: 316359a92b9acb2d9cee8ce780d4bf2ae1e6a18f42e220fedc567ab2523da6c2
                                                                      • Opcode Fuzzy Hash: 61d1fc7ad880a7107d569ffd0a15ad3637e1b83e02328f62483173dd0baa07b2
                                                                      • Instruction Fuzzy Hash: 2B910A72A5928587E7A5AF24CC88F3FB69EFB40740F524135EA49567B0EB38E544CB10
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $ $invalid block type
                                                                      • API String ID: 0-2056396358
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: gfffffff
                                                                      • API String ID: 3215553584-1523873471
                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A392EA
                                                                        • Part of subcall function 00007FF7A6A35960: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7A6A3593D), ref: 00007FF7A6A35969
                                                                        • Part of subcall function 00007FF7A6A35960: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7A6A3593D), ref: 00007FF7A6A3598E
                                                                      Similarity
                                                                      • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                                      • String ID: -
                                                                      • API String ID: 4036615347-2547889144
                                                                      Similarity
                                                                      • API ID: ExceptionRaise_clrfp
                                                                      • String ID:
                                                                      • API String ID: 15204871-0
                                                                      Similarity
                                                                      • API ID: _get_daylight_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 474895018-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: 0
                                                                      • API String ID: 3215553584-4108050209
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: TMP
                                                                      • API String ID: 3215553584-3125297090
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: 0
                                                                      • API String ID: 3215553584-4108050209
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: 0
                                                                      • API String ID: 3215553584-4108050209
                                                                      Similarity
                                                                      • API ID: HeapProcess
                                                                      • String ID:
                                                                      • API String ID: 54951025-0
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressProc
                                                                      • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                      • API String ID: 190572456-139387903
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF7A6A2676C
                                                                        • Part of subcall function 00007FF7A6A21CA0: GetLastError.KERNEL32(?,?,00000000,00007FF7A6A264D3,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A21CC7
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ByteCharErrorLastMultiWide
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                      • API String ID: 203985260-1562484376
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                      • API String ID: 0-3659356012
                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A2642F
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A2647F
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                      • API String ID: 626452242-27947307
                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF7A6A22CC5,?,?,?,?,?,?), ref: 00007FF7A6A26A41
                                                                        • Part of subcall function 00007FF7A6A21CA0: GetLastError.KERNEL32(?,?,00000000,00007FF7A6A264D3,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A21CC7
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00007FF7A6A22CC5,?,?,?,?,?,?), ref: 00007FF7A6A26AB5
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                      • API String ID: 1717984340-27947307
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                      • API String ID: 626452242-876015163
                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B8C5
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B8D3
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B8FD
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B943
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B94F
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                      • String ID: api-ms-
                                                                      • API String ID: 2559590344-2084034818
                                                                      APIs
                                                                        • Part of subcall function 00007FF7A6A268F0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A2692A
                                                                      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7A6A2555F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7A6A2526F
                                                                      Strings
                                                                      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7A6A25246
                                                                      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7A6A25283
                                                                      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7A6A252CA
                                                                      Similarity
                                                                      • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                      • API String ID: 2001182103-3498232454
                                                                      • Opcode ID: a915d47029cd163dbb838478700ec880293b1b813550357f57697966ae71f22b
                                                                      • Instruction ID: 5ec2c70517d5273e7b525bc4ea612b0ab951668572ad1d915433a2425b6d5bd8
                                                                      • Opcode Fuzzy Hash: a915d47029cd163dbb838478700ec880293b1b813550357f57697966ae71f22b
                                                                      • Instruction Fuzzy Hash: 0D31D951B5BB8241FA25B7319D15ABBD192BF88F80FC60431DB0E526F6FE2CE1048720
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A2692A
                                                                        • Part of subcall function 00007FF7A6A21CA0: GetLastError.KERNEL32(?,?,00000000,00007FF7A6A264D3,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A21CC7
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A269B0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                      • API String ID: 1717984340-876015163
                                                                      • Opcode ID: 0870da9e4951e7fa38aa5ce430741f419adac88641d4e744ac880e3cad0a5975
                                                                      • Instruction ID: 62d7794163218d92b918af89f13480e92f08b12a6850726365a8708f8226f61b
                                                                      • Opcode Fuzzy Hash: 0870da9e4951e7fa38aa5ce430741f419adac88641d4e744ac880e3cad0a5975
                                                                      • Instruction Fuzzy Hash: 2C219325B0AA8281EB11EB29FC0046BE761EB88FD4B994531DB4C53B79FF2CE5518710
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                      • String ID: CONOUT$
                                                                      • API String ID: 3230265001-3130406586
                                                                      • Opcode ID: fc392f1567531fa86754e541b5fcc04d2ff0fad43ebd2cc75bddb2e1eaad764e
                                                                      • Instruction ID: a031df2e46fa0ce2279cf05c481417f25e2756a6103d013ba3e8bec34ac36694
                                                                      • Opcode Fuzzy Hash: fc392f1567531fa86754e541b5fcc04d2ff0fad43ebd2cc75bddb2e1eaad764e
                                                                      • Instruction Fuzzy Hash: 6A119A21B15B4186E750EB12EC54B26F2A0FB88FE4F854234EA1E477A4EF7CD4048750
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: e93266dcea166d612d818a2edff697e83dd5ae4dc9f6bd616123d7cc6ba02ee9
                                                                      • Instruction ID: 2c3d3e09389676bc68506dff892852a78868e7028192c3aedfd478136d4676be
                                                                      • Opcode Fuzzy Hash: e93266dcea166d612d818a2edff697e83dd5ae4dc9f6bd616123d7cc6ba02ee9
                                                                      • Instruction Fuzzy Hash: 78F03065A1AA0282EB586F20EC98B76D350EF84F44FC51035D60F465B0EF2CE449C360
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID:
                                                                      • API String ID: 1156100317-0
                                                                      • Opcode ID: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                      • Instruction ID: 3d77bbef826ce88f34598f582180e1c4b27f678f33a39fe4be3490279779d84f
                                                                      • Opcode Fuzzy Hash: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                      • Instruction Fuzzy Hash: 1011E723E3EA0341F794312ADC4EF77D1516F54B70FD60634E67E8A2F6AE1CA8409120
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                      • API String ID: 3215553584-1196891531
                                                                      • Opcode ID: c60e05274d3109d8fd3f9b3f686c63b75af6245fcdfb98a794533f2570cef41d
                                                                      • Instruction ID: 720c6b57191a5351abab92c437ec7080d40b171b79bbcd156c3b29056721d34a
                                                                      • Opcode Fuzzy Hash: c60e05274d3109d8fd3f9b3f686c63b75af6245fcdfb98a794533f2570cef41d
                                                                      • Instruction Fuzzy Hash: 6081C67AE0E22285F66CAF158E14A3AF691EB01F44FD78031CB09572A5FF2DE8419321
                                                                      APIs
                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF7A6A2275B,?,?,?,?,?,?), ref: 00007FF7A6A22C91
                                                                        • Part of subcall function 00007FF7A6A21CA0: GetLastError.KERNEL32(?,?,00000000,00007FF7A6A264D3,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A21CC7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastModuleName
                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                      • API String ID: 2776309574-1977442011
                                                                      • Opcode ID: 87a8705a71be8bac1c58a54735afe9ab2fe4102df686a5b3afbc03ee6a31a1d9
                                                                      • Instruction ID: 075fd2c6e540535d615a18cb3fb56d03c9fb02ea70c22a3de2efedf8bc13ab97
                                                                      • Opcode Fuzzy Hash: 87a8705a71be8bac1c58a54735afe9ab2fe4102df686a5b3afbc03ee6a31a1d9
                                                                      • Instruction Fuzzy Hash: 8F019E20F5A64280FA61B731DC06BB79292BF48FC4FC20031D94E966B6FE1CF5458620
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                      • String ID:
                                                                      • API String ID: 72036449-0
                                                                      • Opcode ID: d9c2c809c88bc492fb083569f0100690a84594dd7041139d92feabbe1811d0c6
                                                                      • Instruction ID: 66a60b86618b2cf777d0592809b114de0253663d5b248ba4426695bdf0c8f599
                                                                      • Opcode Fuzzy Hash: d9c2c809c88bc492fb083569f0100690a84594dd7041139d92feabbe1811d0c6
                                                                      • Instruction Fuzzy Hash: B451B436F0A60286F7697B288C4DB7BE580DF41F14F9B4434CA29472F5EE2CB844A661
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                      • String ID:
                                                                      • API String ID: 2780335769-0
                                                                      • Opcode ID: 90fdda550965b32b3b7c957f91a0516d48632c54475047bf9b5b79af1da324ef
                                                                      • Instruction ID: a26bc6217ae7c369a5b8cfeaff9e4c274c926a224ba886674348f48600a6a829
                                                                      • Opcode Fuzzy Hash: 90fdda550965b32b3b7c957f91a0516d48632c54475047bf9b5b79af1da324ef
                                                                      • Instruction Fuzzy Hash: 5E518E36F156418AFB18EFB1DC407BEA3A1AB48F58F964035DE1D476A8EF38D4808720
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-3916222277
                                                                      • Opcode ID: 1e1894c4c3544f461e59bbb75904bac24adf1519518dc8a0871db6d9d3103edf
                                                                      • Instruction ID: c19ba9192702d056a55f08c288f655311e329a15ed5380055c366678eec6a609
                                                                      • Opcode Fuzzy Hash: 1e1894c4c3544f461e59bbb75904bac24adf1519518dc8a0871db6d9d3103edf
                                                                      • Instruction Fuzzy Hash: 48519C7295A7428AE754BF388888B7E77A2FB05F08F961135C64E651F6EF2CD441C620
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: e+000$gfff
                                                                      • API String ID: 3215553584-3030954782
                                                                      • Opcode ID: f2ef97ede86aa8eee10bf5478062767104e26b14947423ac8017f2fab54ddb4b
                                                                      • Instruction ID: dbccecc948f906376fc15ec3be571c3c9e6bbcfdcbf600bdcf3297b491649178
                                                                      • Opcode Fuzzy Hash: f2ef97ede86aa8eee10bf5478062767104e26b14947423ac8017f2fab54ddb4b
                                                                      • Instruction Fuzzy Hash: 5A51696AB097C186E7299F399C4076AAB91EB51F90F898231C79C47BE5EF3CD444C710
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: mbstowcs
                                                                      • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
                                                                      • API String ID: 103190477-3625900369
                                                                      • Opcode ID: bcd61dd821da803962b1f1ba9e065e8049a65d674304a6f13a37fcec16c87603
                                                                      • Instruction ID: b6557e780a5a0e99dab5a915a349e357914305c5d306316892ee6abbb608a75c
                                                                      • Opcode Fuzzy Hash: bcd61dd821da803962b1f1ba9e065e8049a65d674304a6f13a37fcec16c87603
                                                                      • Instruction Fuzzy Hash: CD518E21A4A60241EB18BB35DC15ABBA392AF85F90FC24131DA4D573F7EE7DE8408760
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000002.00000002.1931816753.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000002.00000002.1931801330.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931839235.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931857309.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000002.00000002.1931889180.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_2_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: FileFreeHeapModuleName_invalid_parameter_noinfo
                                                                      • String ID: C:\Users\user\Desktop\X4KSeQkYJT.exe
                                                                      • API String ID: 13503096-2953279689
                                                                      • Opcode ID: 752ce648645f7722b784940400a52af70b67ee63b6819138c0067cd9ff4e394d
                                                                      • Instruction ID: 94625245f53c91a612db219a2a8857b6f7a12a945baaa3c11a35cf46ed8df4a0
                                                                      • Opcode Fuzzy Hash: 752ce648645f7722b784940400a52af70b67ee63b6819138c0067cd9ff4e394d
                                                                      • Instruction Fuzzy Hash: C641C539A0EB5286EB1CFF15AC418BEA794EF44F80BC65035EA0E43765EE3DD4418360
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID: U
                                                                      • API String ID: 442123175-4171548499
                                                                      • Opcode ID: 10171db44824e7aed66aadb47685b839cf68eb4b5ed4ffdec3fa763084f2c821
                                                                      • Instruction ID: 526f12ef3ad16fd8a79d49a1d207ec2c2bb462ad46256b8d05b8cc83cc5083a8
                                                                      • Opcode Fuzzy Hash: 10171db44824e7aed66aadb47685b839cf68eb4b5ed4ffdec3fa763084f2c821
                                                                      • Instruction Fuzzy Hash: EC41B432B1AB4182D7119F25E8547AAA761FB84B94FC14031EE4D877A4EF3CD441C754
                                                                      Similarity
                                                                      • API ID: CurrentDirectory
                                                                      • String ID: :
                                                                      • API String ID: 1611563598-336475711
                                                                      • Opcode ID: d2de1e348a014b5bd4205875b34cf791d758c1a6e89a378d35769e779a0e5cef
                                                                      • Instruction ID: 49124165707eccda3e0ad5fac3595e0faa89910109b2efda3295e337e03184e0
                                                                      • Opcode Fuzzy Hash: d2de1e348a014b5bd4205875b34cf791d758c1a6e89a378d35769e779a0e5cef
                                                                      • Instruction Fuzzy Hash: 0321E476A0974181EB28AB15D84866FB3A2FB88F44FD68035D68D032A4FF7CE945C760
                                                                      Similarity
                                                                      • API ID: Stringtry_get_function
                                                                      • String ID: LCMapStringEx
                                                                      • API String ID: 2588686239-3893581201
                                                                      • Opcode ID: 3f234b750bb92135ac9219f32761e9075403fa9e411f89d648a1ab2314d2fb3a
                                                                      • Instruction ID: e1219de0bf5c6cfc9da3da482b35e50c67b23d3bd5f4fc8ffe9bb9f00772e213
                                                                      • Opcode Fuzzy Hash: 3f234b750bb92135ac9219f32761e9075403fa9e411f89d648a1ab2314d2fb3a
                                                                      • Instruction Fuzzy Hash: 74113E35608B8186D764DB06F8406AAB7A0FBC9B90F544136EE8D43B29EF3CD4408B40
                                                                      Similarity
                                                                      • API ID: CompareStringtry_get_function
                                                                      • String ID: CompareStringEx
                                                                      • API String ID: 3328479835-2590796910
                                                                      • Opcode ID: a838e128e0648ed7ac64152a332a0c27ddcf91e5e1ecd772518943caff99cc0e
                                                                      • Instruction ID: e95aa8d02e8ff17d32db7d7379bc9e0fa861e030212fcd4283f852f30f51ede8
                                                                      • Opcode Fuzzy Hash: a838e128e0648ed7ac64152a332a0c27ddcf91e5e1ecd772518943caff99cc0e
                                                                      • Instruction Fuzzy Hash: E2113E36A09B8086D764DB05F8406AAF7A0FBC8B80F544136EE8D43B29EF3CD4408B40
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: :
                                                                      • API String ID: 3215553584-336475711
                                                                      • Opcode ID: a7a626b1d5751b2d450cbbf5567bd50dec9d39dc7df76c83fe3caaf000a3f2e8
                                                                      • Instruction ID: 6e6d292b507fd2e3e4dcb0a8e0af0bb71e58f329fab0ddcf1ca2ff125208cd94
                                                                      • Opcode Fuzzy Hash: a7a626b1d5751b2d450cbbf5567bd50dec9d39dc7df76c83fe3caaf000a3f2e8
                                                                      • Instruction Fuzzy Hash: 5801FD6690960282F725BF60A856A7FB3A0EF48B08FC20035D60E462A1EF3CE1058A30
                                                                      APIs
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7A6A39B31
                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF7A6A35DC2,?,?,?,00007FF7A6A35CBA,?,?,?,00007FF7A6A30C12,?,?,00000000,00007FF7A6A22DC9), ref: 00007FF7A6A39B4B
                                                                      Similarity
                                                                      • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                      • String ID: InitializeCriticalSectionEx
                                                                      • API String ID: 539475747-3084827643
                                                                      • Opcode ID: b929dc42092f35f016c8f057b941594f84494b0272d52cf8ffd568bc45711183
                                                                      • Instruction ID: 2e7d27a3ca3d5f910b04e7c0c8dba746f34f2f9f57d50aeb62fdf3423cabee95
                                                                      • Opcode Fuzzy Hash: b929dc42092f35f016c8f057b941594f84494b0272d52cf8ffd568bc45711183
                                                                      • Instruction Fuzzy Hash: 5DF05425A1AB5582EB18AF45EC44866E660AF48F80FC69035EA0E07B75EE3CE445C760
                                                                      APIs
                                                                      • try_get_function.LIBVCRUNTIME ref: 00007FF7A6A39AD5
                                                                      • TlsSetValue.KERNEL32(?,?,00000000,00007FF7A6A3875E,?,?,00000000,00007FF7A6A35A69,?,?,?,?,00007FF7A6A35AA5), ref: 00007FF7A6A39AEC
                                                                      Similarity
                                                                      • API ID: Valuetry_get_function
                                                                      • String ID: FlsSetValue
                                                                      • API String ID: 738293619-3750699315
                                                                      • Opcode ID: 5dde6b23c2d2b7f7722d2134d32b485084670fcb74384cd5928eaa7145abe1a3
                                                                      • Instruction ID: 8444d2af742a5a8ec33a6a4f17c913907b9b0783c7748345eade4fdfe66fb28d
                                                                      • Opcode Fuzzy Hash: 5dde6b23c2d2b7f7722d2134d32b485084670fcb74384cd5928eaa7145abe1a3
                                                                      • Instruction Fuzzy Hash: 5BE06565E0A54291EB087B55EC448B7A261AF48F80FDA8036DA0E0A275FE3CE445C220

                                                                      Execution Graph

                                                                      Execution Coverage:4.5%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:839
                                                                      Total number of Limit Nodes:24
28741->28743 28744 7ff7a6a29d90 28742->28744 28743->28599 29238 7ff7a6a29f6c RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 28744->29238 28746 7ff7a6a29da3 29239 7ff7a6a29d44 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 28746->29239 28750 7ff7a6a22d7c 28749->28750 28751 7ff7a6a268f0 79 API calls 28750->28751 28752 7ff7a6a22da7 28751->28752 28753 7ff7a6a268f0 79 API calls 28752->28753 28754 7ff7a6a22dba 28753->28754 29240 7ff7a6a30c68 28754->29240 28757 7ff7a6a29a50 _handle_error 8 API calls 28758 7ff7a6a2289c 28757->28758 28758->28552 28759 7ff7a6a25f30 28758->28759 28764 7ff7a6a25f54 28759->28764 28760 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 28761 7ff7a6a228d2 28760->28761 28761->28560 28761->28561 28762 7ff7a6a2c000 _fread_nolock 46 API calls 28762->28764 28763 7ff7a6a2602b 28763->28760 28764->28762 28764->28763 28766 7ff7a6a2bd19 28765->28766 28767 7ff7a6a2bcfb 28765->28767 28776 7ff7a6a2bd0b 28766->28776 29441 7ff7a6a2fc20 EnterCriticalSection 28766->29441 29442 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 28767->29442 28769 7ff7a6a2bd00 29443 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 28769->29443 28771 7ff7a6a2bd2f 28773 7ff7a6a2bc60 62 API calls 28771->28773 28774 7ff7a6a2bd38 28773->28774 28775 7ff7a6a2fc2c _fread_nolock LeaveCriticalSection 28774->28775 28775->28776 28776->28552 28777->28534 28779 7ff7a6a26997 MultiByteToWideChar 28778->28779 28780 7ff7a6a26911 MultiByteToWideChar 28778->28780 28783 7ff7a6a269ba 28779->28783 28784 7ff7a6a269df 28779->28784 28781 7ff7a6a26937 28780->28781 28782 7ff7a6a2695c 28780->28782 29444 7ff7a6a21ca0 77 API calls 28781->29444 28782->28779 28789 7ff7a6a26972 28782->28789 29446 7ff7a6a21ca0 77 API calls 28783->29446 28784->28539 28787 7ff7a6a269cd 28787->28539 28788 7ff7a6a2694a 28788->28539 29445 7ff7a6a21ca0 77 API calls 28789->29445 28791 7ff7a6a26985 28791->28539 28792->28559 28793->28566 28794->28574 28795->28582 28796->28550 28797->28558 
28798->28585 28799->28587 28800->28575 28801->28589 28802->28591 28803->28593 28804->28594 28805->28597 28806->28632 28807->28643 28808->28638 28809->28643 28810->28646 28812 7ff7a6a22c6c GetModuleFileNameW 28811->28812 28812->28651 28812->28652 28813->28655 28814->28656 28815->28669 28816->28672 28818 7ff7a6a217d4 28817->28818 28819 7ff7a6a217c4 28817->28819 28820 7ff7a6a25f30 47 API calls 28818->28820 28846 7ff7a6a21832 28818->28846 28821 7ff7a6a22d70 106 API calls 28819->28821 28823 7ff7a6a21805 28820->28823 28821->28818 28822 7ff7a6a29a50 _handle_error 8 API calls 28824 7ff7a6a219b0 28822->28824 28825 7ff7a6a2183c 28823->28825 28826 7ff7a6a2181f 28823->28826 28823->28846 28824->28684 28824->28685 28847 7ff7a6a2c000 28825->28847 28856 7ff7a6a21c00 77 API calls 28826->28856 28829 7ff7a6a21857 28857 7ff7a6a21c00 77 API calls 28829->28857 28831 7ff7a6a21851 28831->28829 28832 7ff7a6a218ee 28831->28832 28833 7ff7a6a218d3 28831->28833 28835 7ff7a6a2c000 _fread_nolock 46 API calls 28832->28835 28858 7ff7a6a21c00 77 API calls 28833->28858 28836 7ff7a6a21903 28835->28836 28836->28829 28837 7ff7a6a21915 28836->28837 28850 7ff7a6a2bd74 28837->28850 28840 7ff7a6a2192d 28841 7ff7a6a21c40 77 API calls 28840->28841 28841->28846 28842 7ff7a6a21983 28844 7ff7a6a2bce4 64 API calls 28842->28844 28842->28846 28843 7ff7a6a21940 28843->28842 28845 7ff7a6a21c40 77 API calls 28843->28845 28844->28846 28845->28842 28846->28822 28859 7ff7a6a2c020 28847->28859 28851 7ff7a6a2bd7d 28850->28851 28855 7ff7a6a21929 28850->28855 28875 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 28851->28875 28853 7ff7a6a2bd82 28876 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 28853->28876 28855->28840 28855->28843 28856->28846 28857->28846 28858->28846 28860 7ff7a6a2c04a 28859->28860 28871 7ff7a6a2c018 28859->28871 28861 7ff7a6a2c059 memcpy_s 28860->28861 28862 7ff7a6a2c096 28860->28862 28860->28871 28873 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 28861->28873 28872 7ff7a6a2fc20 
EnterCriticalSection 28862->28872 28864 7ff7a6a2c09e 28867 7ff7a6a2bda0 _fread_nolock 44 API calls 28864->28867 28866 7ff7a6a2c06e 28874 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 28866->28874 28869 7ff7a6a2c0b5 28867->28869 28870 7ff7a6a2fc2c _fread_nolock LeaveCriticalSection 28869->28870 28870->28871 28871->28831 28873->28866 28874->28871 28875->28853 28876->28855 28877->28689 28879 7ff7a6a239c0 28878->28879 28880 7ff7a6a239fb 28879->28880 28882 7ff7a6a23a1b 28879->28882 28881 7ff7a6a21c40 77 API calls 28880->28881 28899 7ff7a6a23a11 28881->28899 28883 7ff7a6a23a5a 28882->28883 28886 7ff7a6a23a72 28882->28886 28888 7ff7a6a21c40 77 API calls 28882->28888 28969 7ff7a6a22d00 28883->28969 28884 7ff7a6a29a50 _handle_error 8 API calls 28890 7ff7a6a222da 28884->28890 28885 7ff7a6a23aa9 28975 7ff7a6a25ee0 28885->28975 28886->28885 28891 7ff7a6a21c40 77 API calls 28886->28891 28888->28883 28890->28707 28900 7ff7a6a23d30 28890->28900 28891->28885 28894 7ff7a6a23abb 28980 7ff7a6a21ca0 77 API calls 28894->28980 28895 7ff7a6a23add 28981 7ff7a6a22eb0 131 API calls 28895->28981 28898 7ff7a6a25ee0 80 API calls 28898->28886 28899->28884 28901 7ff7a6a268f0 79 API calls 28900->28901 28902 7ff7a6a23d52 28901->28902 28903 7ff7a6a23d57 28902->28903 28904 7ff7a6a23d6e 28902->28904 28905 7ff7a6a21c40 77 API calls 28903->28905 28907 7ff7a6a268f0 79 API calls 28904->28907 28906 7ff7a6a23d63 28905->28906 28906->28695 28910 7ff7a6a23d9c 28907->28910 28908 7ff7a6a21c40 77 API calls 28909 7ff7a6a23f17 28908->28909 28909->28695 28911 7ff7a6a23e1e 28910->28911 28912 7ff7a6a23e43 28910->28912 28924 7ff7a6a23da1 28910->28924 28913 7ff7a6a21c40 77 API calls 28911->28913 28914 7ff7a6a268f0 79 API calls 28912->28914 28915 7ff7a6a23e33 28913->28915 28916 7ff7a6a23e5c 28914->28916 28915->28695 28916->28924 28982 7ff7a6a23b10 28916->28982 28920 7ff7a6a23ead 28921 7ff7a6a23ee4 28920->28921 28922 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 28920->28922 28920->28924 28923 7ff7a6a2f9e0 
__vcrt_freefls 14 API calls 28921->28923 28922->28920 28923->28924 28924->28908 28925 7ff7a6a23f00 28924->28925 28925->28695 28927 7ff7a6a23797 28926->28927 28927->28927 28928 7ff7a6a237b9 28927->28928 28936 7ff7a6a237d0 28927->28936 28929 7ff7a6a21c40 77 API calls 28928->28929 28930 7ff7a6a237c5 28929->28930 28930->28699 28931 7ff7a6a2389d 28931->28699 28933 7ff7a6a212b0 106 API calls 28933->28936 28934 7ff7a6a21c40 77 API calls 28934->28936 28935 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 28935->28936 28936->28931 28936->28933 28936->28934 28936->28935 29022 7ff7a6a21770 77 API calls 28936->29022 28938 7ff7a6a22315 28937->28938 28940 7ff7a6a238cb 28937->28940 28938->28702 28938->28703 28938->28707 28940->28938 28941 7ff7a6a21c40 77 API calls 28940->28941 29023 7ff7a6a21770 77 API calls 28940->29023 28941->28940 28943 7ff7a6a212f8 28942->28943 28944 7ff7a6a212c6 28942->28944 28948 7ff7a6a2130e 28943->28948 28949 7ff7a6a2132f 28943->28949 28945 7ff7a6a22d70 106 API calls 28944->28945 28946 7ff7a6a212d6 28945->28946 28946->28943 28947 7ff7a6a212de 28946->28947 28950 7ff7a6a21c40 77 API calls 28947->28950 29046 7ff7a6a21c00 77 API calls 28948->29046 28954 7ff7a6a21364 28949->28954 28955 7ff7a6a21344 28949->28955 28952 7ff7a6a212ee 28950->28952 28952->28714 28953 7ff7a6a21325 28953->28714 28956 7ff7a6a2137e 28954->28956 28963 7ff7a6a21395 28954->28963 29047 7ff7a6a21c00 77 API calls 28955->29047 29024 7ff7a6a21050 28956->29024 28959 7ff7a6a2138f 28964 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 28959->28964 28966 7ff7a6a2135f 28959->28966 28960 7ff7a6a21421 28960->28714 28961 7ff7a6a2c000 _fread_nolock 46 API calls 28961->28963 28962 7ff7a6a2bce4 64 API calls 28962->28960 28963->28961 28965 7ff7a6a213de 28963->28965 28963->28966 28964->28966 29048 7ff7a6a21c00 77 API calls 28965->29048 28966->28960 28966->28962 28968->28714 28970 7ff7a6a22d0a 28969->28970 28971 7ff7a6a268f0 79 API calls 28970->28971 28972 7ff7a6a22d32 28971->28972 28973 7ff7a6a29a50 _handle_error 8 API 
calls 28972->28973 28974 7ff7a6a22d5a 28973->28974 28974->28886 28974->28898 28976 7ff7a6a268f0 79 API calls 28975->28976 28977 7ff7a6a25ef7 LoadLibraryExW 28976->28977 28978 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 28977->28978 28979 7ff7a6a23ab6 28978->28979 28979->28894 28979->28895 28980->28899 28981->28899 28987 7ff7a6a23b2a mbstowcs 28982->28987 28983 7ff7a6a29a50 _handle_error 8 API calls 28985 7ff7a6a23cf5 28983->28985 29008 7ff7a6a26af0 79 API calls __vcrt_freefls 28985->29008 28986 7ff7a6a23c38 28994 7ff7a6a23cd6 28986->28994 29010 7ff7a6a34bfc 28986->29010 28987->28986 28990 7ff7a6a23d0e 28987->28990 28987->28994 29009 7ff7a6a21770 77 API calls 28987->29009 28992 7ff7a6a21c40 77 API calls 28990->28992 28992->28994 28993 7ff7a6a23c5b 28995 7ff7a6a34bfc _fread_nolock 30 API calls 28993->28995 28994->28983 28996 7ff7a6a23c6d 28995->28996 29017 7ff7a6a30f00 32 API calls 3 library calls 28996->29017 28998 7ff7a6a23c79 29018 7ff7a6a313d0 63 API calls 28998->29018 29000 7ff7a6a23c8b 29019 7ff7a6a313d0 63 API calls 29000->29019 29002 7ff7a6a23c9d 29003 7ff7a6a3069c 61 API calls 29002->29003 29004 7ff7a6a23cae 29003->29004 29005 7ff7a6a3069c 61 API calls 29004->29005 29006 7ff7a6a23cc2 29005->29006 29007 7ff7a6a3069c 61 API calls 29006->29007 29007->28994 29008->28920 29009->28987 29011 7ff7a6a23c4f 29010->29011 29012 7ff7a6a34c05 29010->29012 29016 7ff7a6a30f00 32 API calls 3 library calls 29011->29016 29020 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29012->29020 29014 7ff7a6a34c0a 29021 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29014->29021 29016->28993 29017->28998 29018->29000 29019->29002 29020->29014 29021->29011 29022->28936 29023->28940 29025 7ff7a6a210a6 29024->29025 29026 7ff7a6a210ad 29025->29026 29027 7ff7a6a210d3 29025->29027 29028 7ff7a6a21c40 77 API calls 29026->29028 29030 7ff7a6a21109 29027->29030 29031 7ff7a6a210ed 29027->29031 29029 7ff7a6a210c0 29028->29029 29029->28959 29033 7ff7a6a2111b 29030->29033 29044 7ff7a6a21137 
memcpy_s 29030->29044 29049 7ff7a6a21c00 77 API calls 29031->29049 29050 7ff7a6a21c00 77 API calls 29033->29050 29035 7ff7a6a2c000 _fread_nolock 46 API calls 29035->29044 29036 7ff7a6a21104 29037 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 29036->29037 29038 7ff7a6a2127e 29037->29038 29039 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 29038->29039 29040 7ff7a6a21286 29039->29040 29040->28959 29041 7ff7a6a211fe 29042 7ff7a6a21c40 77 API calls 29041->29042 29042->29036 29044->29035 29044->29036 29044->29041 29045 7ff7a6a2bd74 30 API calls 29044->29045 29051 7ff7a6a2c528 64 API calls 2 library calls 29044->29051 29045->29044 29046->28953 29047->28966 29048->28959 29049->29036 29050->29036 29051->29044 29054 7ff7a6a21dd6 29052->29054 29053 7ff7a6a221f9 29054->29053 29099 7ff7a6a22210 29054->29099 29057 7ff7a6a21f17 29105 7ff7a6a254b0 113 API calls 29057->29105 29058 7ff7a6a22210 55 API calls 29060 7ff7a6a21f13 29058->29060 29060->29057 29062 7ff7a6a21f85 29060->29062 29061 7ff7a6a21f1f 29065 7ff7a6a21f3c 29061->29065 29106 7ff7a6a25390 120 API calls 2 library calls 29061->29106 29063 7ff7a6a22210 55 API calls 29062->29063 29067 7ff7a6a21fae 29063->29067 29066 7ff7a6a21c40 77 API calls 29065->29066 29068 7ff7a6a21f56 29065->29068 29066->29068 29069 7ff7a6a22008 29067->29069 29070 7ff7a6a22210 55 API calls 29067->29070 29072 7ff7a6a29a50 _handle_error 8 API calls 29068->29072 29069->29065 29107 7ff7a6a254b0 113 API calls 29069->29107 29073 7ff7a6a21fdb 29070->29073 29074 7ff7a6a21f7a 29072->29074 29073->29069 29075 7ff7a6a22210 55 API calls 29073->29075 29074->28725 29075->29069 29076 7ff7a6a22018 29076->29065 29077 7ff7a6a21ae0 77 API calls 29076->29077 29078 7ff7a6a22136 29076->29078 29082 7ff7a6a2206f 29077->29082 29078->29065 29087 7ff7a6a2214e 29078->29087 29079 7ff7a6a221d2 29080 7ff7a6a21c40 77 API calls 29079->29080 29081 7ff7a6a22131 29080->29081 29112 7ff7a6a21aa0 65 API calls __vcrt_freefls 29081->29112 29082->29065 29082->29079 29086 7ff7a6a220fc 29082->29086 29088 
7ff7a6a217a0 106 API calls 29086->29088 29087->29068 29089 7ff7a6a221b4 29087->29089 29109 7ff7a6a21440 144 API calls 2 library calls 29087->29109 29110 7ff7a6a21770 77 API calls 29087->29110 29090 7ff7a6a22113 29088->29090 29091 7ff7a6a21c40 77 API calls 29089->29091 29090->29087 29092 7ff7a6a22117 29090->29092 29093 7ff7a6a221c5 29091->29093 29108 7ff7a6a21c00 77 API calls 29092->29108 29111 7ff7a6a21aa0 65 API calls __vcrt_freefls 29093->29111 29096->28725 29097->28719 29098->28725 29100 7ff7a6a22244 29099->29100 29101 7ff7a6a2227b 29100->29101 29113 7ff7a6a30594 29100->29113 29103 7ff7a6a29a50 _handle_error 8 API calls 29101->29103 29104 7ff7a6a21ec6 29103->29104 29104->29057 29104->29058 29105->29061 29106->29065 29107->29076 29108->29081 29109->29087 29110->29087 29111->29068 29112->29065 29114 7ff7a6a305bd 29113->29114 29115 7ff7a6a305b1 29113->29115 29154 7ff7a6a2cefc 29114->29154 29130 7ff7a6a2feb8 29115->29130 29121 7ff7a6a30649 29123 7ff7a6a3064d 29121->29123 29124 7ff7a6a30661 29121->29124 29122 7ff7a6a305f5 29163 7ff7a6a2fd40 16 API calls 3 library calls 29122->29163 29125 7ff7a6a305b6 29123->29125 29164 7ff7a6a35a80 29123->29164 29126 7ff7a6a2feb8 52 API calls 29124->29126 29125->29101 29128 7ff7a6a3066d 29126->29128 29128->29125 29129 7ff7a6a35a80 __free_lconv_mon 13 API calls 29128->29129 29129->29125 29131 7ff7a6a2fed7 29130->29131 29132 7ff7a6a2fef3 29130->29132 29169 7ff7a6a35a40 13 API calls _invalid_parameter_noinfo 29131->29169 29132->29131 29133 7ff7a6a2ff06 CreateFileW 29132->29133 29135 7ff7a6a2ff39 29133->29135 29136 7ff7a6a2ff80 29133->29136 29172 7ff7a6a30004 42 API calls 3 library calls 29135->29172 29173 7ff7a6a30488 40 API calls 3 library calls 29136->29173 29137 7ff7a6a2fedc 29170 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29137->29170 29141 7ff7a6a2ff85 29144 7ff7a6a2ff89 29141->29144 29145 7ff7a6a2ff95 29141->29145 29142 7ff7a6a2fee3 29171 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29142->29171 29143 7ff7a6a2ff47 
29148 7ff7a6a2feee 29143->29148 29149 7ff7a6a2ff62 CloseHandle 29143->29149 29174 7ff7a6a359f0 13 API calls 2 library calls 29144->29174 29175 7ff7a6a30244 34 API calls 29145->29175 29148->29125 29149->29148 29151 7ff7a6a2ffa2 29176 7ff7a6a30380 23 API calls _fread_nolock 29151->29176 29153 7ff7a6a2ff93 29153->29143 29155 7ff7a6a2cf20 29154->29155 29156 7ff7a6a2cf1b 29154->29156 29155->29156 29177 7ff7a6a38598 33 API calls 2 library calls 29155->29177 29156->29122 29162 7ff7a6a398bc 5 API calls try_get_function 29156->29162 29158 7ff7a6a2cf3b 29178 7ff7a6a38840 33 API calls 29158->29178 29160 7ff7a6a2cf5e 29179 7ff7a6a38874 33 API calls 29160->29179 29162->29122 29163->29121 29165 7ff7a6a35ab7 29164->29165 29166 7ff7a6a35a85 RtlFreeHeap 29164->29166 29165->29125 29166->29165 29167 7ff7a6a35aa0 29166->29167 29180 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29167->29180 29169->29137 29170->29142 29171->29148 29172->29143 29173->29141 29174->29153 29175->29151 29176->29153 29177->29158 29178->29160 29179->29156 29180->29165 29181->28730 29183 7ff7a6a21ba6 29182->29183 29194 7ff7a6a2f93c 29183->29194 29186 7ff7a6a21cf0 29187 7ff7a6a21d00 29186->29187 29213 7ff7a6a26730 MultiByteToWideChar 29187->29213 29189 7ff7a6a21d60 29190 7ff7a6a21b80 68 API calls 29189->29190 29191 7ff7a6a21d90 29190->29191 29192 7ff7a6a29a50 _handle_error 8 API calls 29191->29192 29193 7ff7a6a21c8b 29192->29193 29193->28587 29195 7ff7a6a2f977 29194->29195 29196 7ff7a6a2f962 29194->29196 29195->29196 29198 7ff7a6a2f97c 29195->29198 29210 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29196->29210 29203 7ff7a6a2c5ac 29198->29203 29199 7ff7a6a2f967 29211 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29199->29211 29202 7ff7a6a21bbc 29202->29186 29212 7ff7a6a2fc20 EnterCriticalSection 29203->29212 29205 7ff7a6a2c5c9 29206 7ff7a6a2cf98 66 API calls 29205->29206 29207 7ff7a6a2c5d2 29206->29207 29208 7ff7a6a2fc2c _fread_nolock LeaveCriticalSection 29207->29208 29209 7ff7a6a2c5dc 
29208->29209 29209->29202 29210->29199 29211->29202 29214 7ff7a6a26779 29213->29214 29215 7ff7a6a26793 29213->29215 29234 7ff7a6a21ca0 77 API calls 29214->29234 29218 7ff7a6a267a9 29215->29218 29219 7ff7a6a267c3 MultiByteToWideChar 29215->29219 29217 7ff7a6a2678c 29217->29189 29235 7ff7a6a21ca0 77 API calls 29218->29235 29220 7ff7a6a26800 WideCharToMultiByte 29219->29220 29221 7ff7a6a267e6 29219->29221 29224 7ff7a6a26836 29220->29224 29226 7ff7a6a2682d 29220->29226 29236 7ff7a6a21ca0 77 API calls 29221->29236 29225 7ff7a6a2685b WideCharToMultiByte 29224->29225 29224->29226 29225->29226 29228 7ff7a6a268a4 29225->29228 29237 7ff7a6a21ca0 77 API calls 29226->29237 29230 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 29228->29230 29229 7ff7a6a26898 29231 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 29229->29231 29232 7ff7a6a268ac 29230->29232 29231->29217 29232->29217 29233 7ff7a6a2f9e0 __vcrt_freefls 14 API calls 29232->29233 29233->29217 29234->29217 29235->29217 29236->29217 29237->29229 29238->28746 29241 7ff7a6a30b9c 29240->29241 29242 7ff7a6a30bc2 29241->29242 29245 7ff7a6a30bf5 29241->29245 29271 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29242->29271 29244 7ff7a6a30bc7 29272 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29244->29272 29247 7ff7a6a30c08 29245->29247 29248 7ff7a6a30bfb 29245->29248 29259 7ff7a6a35c98 29247->29259 29273 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29248->29273 29250 7ff7a6a22dc9 29250->28757 29253 7ff7a6a30c29 29266 7ff7a6a3ac3c 29253->29266 29254 7ff7a6a30c1c 29274 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29254->29274 29257 7ff7a6a30c3c 29275 7ff7a6a2fc2c LeaveCriticalSection 29257->29275 29276 7ff7a6a3af3c EnterCriticalSection 29259->29276 29261 7ff7a6a35caf 29262 7ff7a6a35d0c 16 API calls 29261->29262 29263 7ff7a6a35cba 29262->29263 29264 7ff7a6a3af90 _isindst LeaveCriticalSection 29263->29264 29265 7ff7a6a30c12 29264->29265 29265->29253 29265->29254 29277 7ff7a6a3a938 29266->29277 29269 7ff7a6a3ac96 
29269->29257 29271->29244 29272->29250 29273->29250 29274->29250 29278 7ff7a6a3a973 try_get_function 29277->29278 29279 7ff7a6a3ab3a 29278->29279 29292 7ff7a6a40660 34 API calls 3 library calls 29278->29292 29283 7ff7a6a3ab43 29279->29283 29295 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29279->29295 29281 7ff7a6a3ac11 29296 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29281->29296 29283->29269 29289 7ff7a6a41354 29283->29289 29285 7ff7a6a3aba5 29285->29279 29293 7ff7a6a40660 34 API calls 3 library calls 29285->29293 29287 7ff7a6a3abc4 29287->29279 29294 7ff7a6a40660 34 API calls 3 library calls 29287->29294 29297 7ff7a6a40944 29289->29297 29292->29285 29293->29287 29294->29279 29295->29281 29296->29283 29298 7ff7a6a40979 29297->29298 29299 7ff7a6a4095b 29297->29299 29298->29299 29301 7ff7a6a40995 29298->29301 29351 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29299->29351 29308 7ff7a6a40f6c 29301->29308 29302 7ff7a6a40960 29352 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29302->29352 29305 7ff7a6a4096c 29305->29269 29354 7ff7a6a40c9c 29308->29354 29311 7ff7a6a40ff9 29374 7ff7a6a32374 29311->29374 29312 7ff7a6a40fe1 29386 7ff7a6a35a40 13 API calls _invalid_parameter_noinfo 29312->29386 29316 7ff7a6a40fe6 29387 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29316->29387 29325 7ff7a6a409c0 29325->29305 29353 7ff7a6a3234c LeaveCriticalSection 29325->29353 29351->29302 29352->29305 29355 7ff7a6a40cc8 29354->29355 29363 7ff7a6a40ce2 29354->29363 29355->29363 29413 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29355->29413 29357 7ff7a6a40cd7 29414 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29357->29414 29359 7ff7a6a40d62 29360 7ff7a6a40db6 29359->29360 29417 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29359->29417 29373 7ff7a6a40e12 29360->29373 29419 7ff7a6a30e90 30 API calls 2 library calls 29360->29419 29363->29359 29415 7ff7a6a35a60 13 API calls _invalid_parameter_noinfo 29363->29415 29364 7ff7a6a40e0e 29369 
7ff7a6a40e90 29364->29369 29364->29373 29365 7ff7a6a40dab 29418 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29365->29418 29368 7ff7a6a40d57 29416 7ff7a6a35940 30 API calls _invalid_parameter_noinfo 29368->29416 29420 7ff7a6a35960 17 API calls _wfindfirst32i64 29369->29420 29373->29311 29373->29312 29421 7ff7a6a3af3c EnterCriticalSection 29374->29421 29386->29316 29387->29325 29413->29357 29414->29363 29415->29368 29416->29359 29417->29365 29418->29360 29419->29364 29442->28769 29443->28776 29444->28788 29445->28791 29446->28787 29447 7ff7a6a342b4 29448 7ff7a6a3431b 29447->29448 29449 7ff7a6a342d1 GetModuleHandleW 29447->29449 29457 7ff7a6a341ac 29448->29457 29449->29448 29455 7ff7a6a342de 29449->29455 29452 7ff7a6a3435d 29454 7ff7a6a3436f 29455->29448 29471 7ff7a6a343bc GetModuleHandleExW 29455->29471 29477 7ff7a6a3af3c EnterCriticalSection 29457->29477 29459 7ff7a6a341c8 29460 7ff7a6a341e4 13 API calls 29459->29460 29461 7ff7a6a341d1 29460->29461 29462 7ff7a6a3af90 _isindst LeaveCriticalSection 29461->29462 29463 7ff7a6a341d9 29462->29463 29463->29452 29464 7ff7a6a34370 29463->29464 29478 7ff7a6a3d1c8 29464->29478 29467 7ff7a6a343aa 29469 7ff7a6a343bc 3 API calls 29467->29469 29468 7ff7a6a34399 GetCurrentProcess TerminateProcess 29468->29467 29470 7ff7a6a343b1 ExitProcess 29469->29470 29472 7ff7a6a34401 29471->29472 29473 7ff7a6a343e2 GetProcAddress 29471->29473 29475 7ff7a6a3440b FreeLibrary 29472->29475 29476 7ff7a6a34411 29472->29476 29473->29472 29474 7ff7a6a343f9 29473->29474 29474->29472 29475->29476 29476->29448 29479 7ff7a6a3d1e6 29478->29479 29481 7ff7a6a3437d 29478->29481 29482 7ff7a6a3986c 29479->29482 29481->29467 29481->29468 29485 7ff7a6a39694 29482->29485 29486 7ff7a6a396f5 29485->29486 29490 7ff7a6a396f0 try_get_function 29485->29490 29486->29481 29487 7ff7a6a39724 LoadLibraryExW 29489 7ff7a6a39745 GetLastError 29487->29489 29487->29490 29488 7ff7a6a397e6 GetProcAddress 29491 7ff7a6a397f7 29488->29491 29489->29490 29490->29486 29490->29487 
29492 7ff7a6a397d8 29490->29492 29493 7ff7a6a397bd FreeLibrary 29490->29493 29494 7ff7a6a3977f LoadLibraryExW 29490->29494 29491->29486 29492->29486 29492->29488 29493->29490 29494->29490

Control-flow Graph

Memory Dump Source
• Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
• Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
Similarity
• API ID: Module_$Constant$Object$ConditionMask$Err_String$ExceptionFromInfoVerifyVersion$Capsule_Create2DeallocDictDict_ExitFormatLongLong_MallocMem_StartupUnicode_Unsigned
                                                                      • API String ID: 2552996968-1299366327
                                                                      • Opcode ID: dfca0bf0feb90cd89eb3b1bf1cb1fa2419f52fe1e3a7a52d52d49622c46198c5
                                                                      • Instruction ID: 10e758f22b4cc45ee5dee9e3fb278a744a7ca551334d7b8d5775d829d0f28c3b
                                                                      • Opcode Fuzzy Hash: dfca0bf0feb90cd89eb3b1bf1cb1fa2419f52fe1e3a7a52d52d49622c46198c5
                                                                      • Instruction Fuzzy Hash: D3A21864B19F4689FA109B1BE814275AB21AF69FA1F4094B5CC2F2A774DE7CE14CC708

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Object_String$Attr$Err_$Dict_$CallClassDescr_FormatItemLookupMakeMallocMem_MethodOccurredSizeState_ThreadUnicode_Updatestrchr
                                                                      • String ID: __ctype_be__$__ctype_le__$_type_ '%s' not supported$cbBhHiIlLdfuzZqQPXOv?g$class must define a '_type_' attribute$class must define a '_type_' attribute which must bea single character string containing one of '%s'.$class must define a '_type_' attribute which must be a string of length 1$class must define a '_type_' string attribute
                                                                      • API String ID: 2585113000-917751260
                                                                      • Opcode ID: d0060f9298833e26698be45dc542c1b060cc439cfca535f18d9034c83a8abb56
                                                                      • Instruction ID: 2c3c61c484a1143dc7f1144dd9427742d6379ded5c44869d5decbdcf9751c62c
                                                                      • Opcode Fuzzy Hash: d0060f9298833e26698be45dc542c1b060cc439cfca535f18d9034c83a8abb56
                                                                      • Instruction Fuzzy Hash: FAB12825B09F8285EA588B6BA85427963B0FF85FB4F0440F7CA6E47674DF2CE569C340

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _fread_nolock$_invalid_parameter_noinfo
                                                                      • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                      • API String ID: 3405171723-4158440160
                                                                      • Opcode ID: d6110a8b7a577efdf6910155f2d5d7a54168b54d02c3ca2bfc945a4ec0d9434c
                                                                      • Instruction ID: 80f922ac6394733db2ff00f830f87463ea3d0e097dba01f7e94921de5d19e0f8
                                                                      • Opcode Fuzzy Hash: d6110a8b7a577efdf6910155f2d5d7a54168b54d02c3ca2bfc945a4ec0d9434c
                                                                      • Instruction Fuzzy Hash: D8519271A4AA0282EB54EF34D85097AA3A1FF48F58B928135DA0D937B5EF3CE850C750

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                      • API String ID: 0-3659356012
                                                                      • Opcode ID: 57acac8f6d080eb1024dc678324964b59ebcb928510c70a6b7e43e380f754f98
                                                                      • Instruction ID: 5d82745733668cfb1ed8a6575eb492bf2ab1e82680c5a3de545c7337bcb6b8d3
                                                                      • Opcode Fuzzy Hash: 57acac8f6d080eb1024dc678324964b59ebcb928510c70a6b7e43e380f754f98
                                                                      • Instruction Fuzzy Hash: A5416261A8AA4281EA14EB21AC40ABBE362BB44FD4FD64431DB4D17A75FE3CE941C710

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                      • String ID:
                                                                      • API String ID: 1330151763-0
                                                                      • Opcode ID: ec83095cb1667d9f6de31c98f1b7a8ee4c2046d418af891938abd2368e94f20e
                                                                      • Instruction ID: 4b5d762d2bd6f5fc80969a02ce347df30a771661f426c32372d8bced389ec299
                                                                      • Opcode Fuzzy Hash: ec83095cb1667d9f6de31c98f1b7a8ee4c2046d418af891938abd2368e94f20e
                                                                      • Instruction Fuzzy Hash: 6DC1C336B15A4185EB54DF68C894ABE7760FB48F98B920235DB2E477E4EF38D451C320

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 00007FF7A6A22C60: GetModuleFileNameW.KERNEL32(?,00007FF7A6A2275B,?,?,?,?,?,?), ref: 00007FF7A6A22C91
                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF7A6A22967
                                                                        • Part of subcall function 00007FF7A6A25720: GetEnvironmentVariableW.KERNEL32(00007FF7A6A227A9,?,?,?,?,?,?), ref: 00007FF7A6A2575A
                                                                        • Part of subcall function 00007FF7A6A25720: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A25777
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                      • API String ID: 2344891160-3602715111
                                                                      • Opcode ID: ad9ad0cd7dc5a0ead2ba4fbdbf14395e99d23ab3ea79810b68b2d4f0c244518d
                                                                      • Instruction ID: e20244ef909c4a40af135c77101a53b1962eb94db39c0f4305bc89333932c026
                                                                      • Opcode Fuzzy Hash: ad9ad0cd7dc5a0ead2ba4fbdbf14395e99d23ab3ea79810b68b2d4f0c244518d
                                                                      • Instruction Fuzzy Hash: 4EC18621A5E68341EA24BB31DC51AFF9252BF44F84FC24031EA4E676B6FF2CE5158720

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                      • API String ID: 0-1060636955
                                                                      • Opcode ID: 3c689af3ba0f84549a81a09e31f4ac7ebda90b3e42747bc2f4208514cb32a652
                                                                      • Instruction ID: ce66be349519f8286ab1a3678d8d287d589959e855058b4aafbb873b8b03515a
                                                                      • Opcode Fuzzy Hash: 3c689af3ba0f84549a81a09e31f4ac7ebda90b3e42747bc2f4208514cb32a652
                                                                      • Instruction Fuzzy Hash: 7551FA62A4A68241E620BB21DC40BBBA292FB45F94FC64135EF4D577B5FE3CE854C710

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: df09659975cd793f862987a859c2b9a44509008f7f7e632d6f52d7ee2385b871
                                                                      • Instruction ID: fa97b97fb2010acd2a57e1855b10f43e69c11d28585b23d7f30b2ae3c304cd45
                                                                      • Opcode Fuzzy Hash: df09659975cd793f862987a859c2b9a44509008f7f7e632d6f52d7ee2385b871
                                                                      • Instruction Fuzzy Hash: A1C1F62AA0EB8281E7686B159C44ABBE760FB45F84FC61131DA4E077B1EF7CE455C360

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      APIs
                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A3783E
                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A377BB,?,?,?,00007FF7A6A37BAE), ref: 00007FF7A6A378FC
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A377BB,?,?,?,00007FF7A6A37BAE), ref: 00007FF7A6A37986
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2210144848-0
                                                                      • Opcode ID: ebfacf7f234232937329807152f3a504317d623b91edc3017981ea161f13b768
                                                                      • Instruction ID: 8fd381459aa4cc125d696c30ecd4f669a30b41b5ae518f0964ce2e9bcf9435a9
                                                                      • Opcode Fuzzy Hash: ebfacf7f234232937329807152f3a504317d623b91edc3017981ea161f13b768
                                                                      • Instruction Fuzzy Hash: E781B12AE1A61285F75ABF648C41ABAA660BF44F84FC60135DE0E577B1EE3CE441C334

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 1321466686-0
                                                                      • Opcode ID: 4f6902eb37e6eef12981603fab62300cdef59e7fd256032db2106749a544459e
                                                                      • Instruction ID: ca2ee6b96a8dfaf3fc71dbf7d4dfb3e0b462a14065c491b4729596cc0d5c054e
                                                                      • Opcode Fuzzy Hash: 4f6902eb37e6eef12981603fab62300cdef59e7fd256032db2106749a544459e
                                                                      • Instruction Fuzzy Hash: 4D313B21A4E60345FA14BB319D15BBBD292AF45F84FC64034EA4E272F7EE6DF4058271
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2907017715-0
                                                                      • Opcode ID: b56567c86df9a1df7e3c984ebb8a255b8d3087ce283afbec8c8fb5752e116410
                                                                      • Instruction ID: 871339b03384fd5fe8e403719f185094df34e9a9eb12346045c74bc6e8dea4b6
                                                                      • Opcode Fuzzy Hash: b56567c86df9a1df7e3c984ebb8a255b8d3087ce283afbec8c8fb5752e116410
                                                                      • Instruction Fuzzy Hash: 5231E672E09B4146E654AF249D0066BB650FF55FA0F554335EB6D03AF2EF3CE1A08B60
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: 604c1ad190159064f8d0d9f17bd79febb7bb51acc42eb22ba23c993cd3b9a3ca
                                                                      • Instruction ID: 5904a7f30b07915eba4145f7e38c454322dab89981b62fc9aefc80f04f7f8908
                                                                      • Opcode Fuzzy Hash: 604c1ad190159064f8d0d9f17bd79febb7bb51acc42eb22ba23c993cd3b9a3ca
                                                                      • Instruction Fuzzy Hash: 5FE01224A1570283E6187B209C99B7AA251EF84F41F914438C50E033B6ED3DE4444230
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: try_get_function
                                                                      • String ID: AppPolicyGetProcessTerminationMethod
                                                                      • API String ID: 2742660187-2031265017
                                                                      • Opcode ID: 4bcc9b3ccb7240cf48817a96642029c3a2284b7926d128bd08fd199ae4dc2826
                                                                      • Instruction ID: 08e127e44e02f331e131e06fa25e1ba07e7821ffc4f302e041f780801068222f
                                                                      • Opcode Fuzzy Hash: 4bcc9b3ccb7240cf48817a96642029c3a2284b7926d128bd08fd199ae4dc2826
                                                                      • Instruction Fuzzy Hash: 84E04F91E0790691FB0867A1AC149B292519F9CBB0EC95331D93D063F0BE2CAA958220
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 551a24d3dd0432e0cadfa337d9e17c8f920c54420629120b7131c68249c0f4c1
                                                                      • Instruction ID: e8e8c8132704e8ce4654bdaceca7ab9b9398babfbafb9ced80ef3350d87048e6
                                                                      • Opcode Fuzzy Hash: 551a24d3dd0432e0cadfa337d9e17c8f920c54420629120b7131c68249c0f4c1
                                                                      • Instruction Fuzzy Hash: D551F963B4A64147E628BF359800E7BE692BF44F68F964230DE6D277F5EE3CD4418620
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 03f8c4f89a52639dc69cc4b46075b24e064f2aca8c5f987fb114b51f21b2416b
                                                                      • Instruction ID: a6d33462da4e8293f502feb973d46778cff769721b8d38411c5d60b10f9b5a2c
                                                                      • Opcode Fuzzy Hash: 03f8c4f89a52639dc69cc4b46075b24e064f2aca8c5f987fb114b51f21b2416b
                                                                      • Instruction Fuzzy Hash: CF61B87294E70286FB64BF34C85467EB7A2FB15F18F961135C64A621F6EF28E440C620
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID:
                                                                      • API String ID: 442123175-0
                                                                      • Opcode ID: 4f69ec7f74ae699877823745ca97606d01ceb968620d13cf4aec09a9a8799651
                                                                      • Instruction ID: b0828d997c222b3d34494adffdf53f99b8ef9285be1f8efef027d3269d53f227
                                                                      • Opcode Fuzzy Hash: 4f69ec7f74ae699877823745ca97606d01ceb968620d13cf4aec09a9a8799651
                                                                      • Instruction Fuzzy Hash: 6731F736A1AB818ADB11AF15E840AEAF7A0FB58B80FC54032DB4E43764EF3CE455C714
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: FileHandleType
                                                                      • String ID:
                                                                      • API String ID: 3000768030-0
                                                                      • Opcode ID: 2ca9993425302d11335e1652840a998e65625aa6a18f41d6fdad1bdfd07849ae
                                                                      • Instruction ID: cf08fdb3ecaf4bdefdf5532dbbf9d0f38bbf5b56b9ac7984c225dbf8162ff96f
                                                                      • Opcode Fuzzy Hash: 2ca9993425302d11335e1652840a998e65625aa6a18f41d6fdad1bdfd07849ae
                                                                      • Instruction Fuzzy Hash: 2031D625919F4181D768AB14889057AA690FB45FF0BB92339DB5E073F4DF38E461C350
                                                                      APIs
                                                                      • SetFilePointerEx.KERNELBASE(?,?,?,00007FF7A6A37893,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A377BB), ref: 00007FF7A6A36BB4
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A6A37893,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A377BB), ref: 00007FF7A6A36BBE
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID:
                                                                      • API String ID: 2976181284-0
                                                                      • Opcode ID: 41cc6d5bdf9a5dc440c86a1a687a0af25ce893ca5a364656609af41169203595
                                                                      • Instruction ID: e06361fcb7c6486fef855c88c465b40cf1e0dddd2804b9310880a108d291668f
                                                                      • Opcode Fuzzy Hash: 41cc6d5bdf9a5dc440c86a1a687a0af25ce893ca5a364656609af41169203595
                                                                      • Instruction Fuzzy Hash: A901E565A19A4241DE14AF29EC5447AA250AF80FF0FD55332EA3E0B7F5EE3CD0518710
                                                                      APIs
                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF7A6A35B0B,?,?,00000000,00007FF7A6A35BB3,?,?,?,?,?,?,00007FF7A6A2BCB2), ref: 00007FF7A6A35C3E
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A6A35B0B,?,?,00000000,00007FF7A6A35BB3,?,?,?,?,?,?,00007FF7A6A2BCB2), ref: 00007FF7A6A35C48
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CloseErrorHandleLast
                                                                      • String ID:
                                                                      • API String ID: 918212764-0
                                                                      • Opcode ID: 2c590a4e6f3ae4dbfeb2fe714c046f3b22d8df01d646a30b40b750db35e5ac70
                                                                      • Instruction ID: c7ae6ca3dd08207581636b1de89bd5d65c8822168e73eb547bb0e3939bcd92e0
                                                                      • Opcode Fuzzy Hash: 2c590a4e6f3ae4dbfeb2fe714c046f3b22d8df01d646a30b40b750db35e5ac70
                                                                      • Instruction Fuzzy Hash: 8011DA19F0A94201EE9C77699D98A7F92815F40FA8FD60235DB2E463F2FD6CF4444321
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 8a938a14db64c120b990eaa2697fbedf78ea3316998f0bec7bf6d09eaf4bf6d3
                                                                      • Instruction ID: 7e7d81acc2142d000e88b653b0a32f35d6b3a4df3024ff1f3af24de228adcab6
                                                                      • Opcode Fuzzy Hash: 8a938a14db64c120b990eaa2697fbedf78ea3316998f0bec7bf6d09eaf4bf6d3
                                                                      • Instruction Fuzzy Hash: 0D41E536D0A21147EA5CAB18CA41A7EB3B0FB01F54F855131DA4D877A1EF3CE462C761
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: af202a245decdf49febda4a7e224a183fe1c410a05a19f6e6f3cb4efe9ae17e3
                                                                      • Instruction ID: cb227ca8dd35f1df7a2be4efce2e6fcf2f510a68003e85005ade569a86ae789a
                                                                      • Opcode Fuzzy Hash: af202a245decdf49febda4a7e224a183fe1c410a05a19f6e6f3cb4efe9ae17e3
                                                                      • Instruction Fuzzy Hash: 2F31C53AA0EA8681EE58AB25DD4477AA750AF41FD4F865131D90E073E5EF3CE4418370
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _fread_nolock
                                                                      • String ID:
                                                                      • API String ID: 840049012-0
                                                                      • Opcode ID: c4f04f011b439d12fb6a6283a04ede597623416ee84e0ed76dc79fad205a3f64
                                                                      • Instruction ID: fc33a734533c9f90a5915d929691eece5d5502b80e46c763c904bb7b15d624d7
                                                                      • Opcode Fuzzy Hash: c4f04f011b439d12fb6a6283a04ede597623416ee84e0ed76dc79fad205a3f64
                                                                      • Instruction Fuzzy Hash: 2D21B121B8F29142EA14AB225D04BBBD642BB55FC4FC96031DE0D2BBA5EE3CE112C310
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: f7b1018d95059be5f2472aeab238b1d50f2d05f474b142899e98b1aa8551e0f9
                                                                      • Instruction ID: e1f8f9530c573bcf572b8713621529107b2b1cd6011b6cc93a7c6341574ff849
                                                                      • Opcode Fuzzy Hash: f7b1018d95059be5f2472aeab238b1d50f2d05f474b142899e98b1aa8551e0f9
                                                                      • Instruction Fuzzy Hash: B431D226E0A60185E3587B548D85B7EA650AF80FA4FD60135EA2D033F2EF7CA4409331
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a823532ccca3d227c5edd3d8410f9d75198228907886328e198eeacd7f4cfbb4
                                                                      • Instruction ID: 2f8daef99f244764bc15de3dbd913159a53a08be34d18271d483fc993a0fa3b0
                                                                      • Opcode Fuzzy Hash: a823532ccca3d227c5edd3d8410f9d75198228907886328e198eeacd7f4cfbb4
                                                                      • Instruction Fuzzy Hash: 1021E22AE0A64245E64A7F159C45B3EA650FF40FA0FD60534EA1D073E2EF7CE4419735
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5ba0a5105dcadc94e8368fa138fe4039e798ae2bbd3ceeeb6a5f08dce0d6a88e
                                                                      • Instruction ID: 1dddbd2203eb14a4b40fb183341209371b9f2c53104ac8957cf01d3e58b7a24c
                                                                      • Opcode Fuzzy Hash: 5ba0a5105dcadc94e8368fa138fe4039e798ae2bbd3ceeeb6a5f08dce0d6a88e
                                                                      • Instruction Fuzzy Hash: A321F366E0A64145E6497F159C85B7AA650BF40FB0FD61234FA2E0B3E3EE3CE4419730
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 71762e15dc803462ab9d729bb723aa1cf0c5538ee3f3f81ab0fb9a79e79d0e25
                                                                      • Instruction ID: 9b0cb55343dca1364df5ae8188e64a1eca1dfb8fd69606b278d66b423d0048e5
                                                                      • Opcode Fuzzy Hash: 71762e15dc803462ab9d729bb723aa1cf0c5538ee3f3f81ab0fb9a79e79d0e25
                                                                      • Instruction Fuzzy Hash: AB116226B0E64181EA68BF55980097BE264FF44F84FC64431EB8D5B6A6EF3CE5409760
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 0f15acf2641b5d781a49305b0aeed29c104034390bdf68f53405848f399878a0
                                                                      • Instruction ID: 98ab8892bf0f5599d38dcf4a958bccbe1a103a99e5445a28c3deeebdb4711125
                                                                      • Opcode Fuzzy Hash: 0f15acf2641b5d781a49305b0aeed29c104034390bdf68f53405848f399878a0
                                                                      • Instruction Fuzzy Hash: B421D733709A4286E760AF18DC44B7AB6A0FB84F54F950234E6AD476EAEF3DD4008B10
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                      • String ID:
                                                                      • API String ID: 3947729631-0
                                                                      • Opcode ID: 450686711e36774b74e495128d3cbab4811d3647f709a350abe0e0b63df198b2
                                                                      • Instruction ID: 676428fd030bddfca5b5974258c61fbb1e2270011c9d89cbd998d92dcf3ae3c0
                                                                      • Opcode Fuzzy Hash: 450686711e36774b74e495128d3cbab4811d3647f709a350abe0e0b63df198b2
                                                                      • Instruction Fuzzy Hash: DA218335E06B018AEB58AF64C8446EDB7A0EB44B08F854539D60D03AD5EF38D445CBA0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      APIs
                                                                        • Part of subcall function 00007FF7A6A268F0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A2692A
                                                                      • LoadLibraryExW.KERNELBASE(?,?,?,?), ref: 00007FF7A6A25F03
                                                                      Similarity
                                                                      • API ID: ByteCharLibraryLoadMultiWide
                                                                      • String ID:
                                                                      • API String ID: 2592636585-0
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID:
                                                                      • API String ID: 3298025750-0
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF7A6A37DB2,?,?,?,00007FF7A6A2CFD7), ref: 00007FF7A6A37E82
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      • GetTempPathW.KERNEL32(?,00000000,?,00007FF7A6A254DD), ref: 00007FF7A6A255AA
                                                                      • GetCurrentProcessId.KERNEL32(?,00007FF7A6A254DD), ref: 00007FF7A6A255B0
                                                                        • Part of subcall function 00007FF7A6A25720: GetEnvironmentVariableW.KERNEL32(00007FF7A6A227A9,?,?,?,?,?,?), ref: 00007FF7A6A2575A
                                                                        • Part of subcall function 00007FF7A6A25720: ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A25777
                                                                        • Part of subcall function 00007FF7A6A31D2C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A31D45
                                                                      • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7A6A25661
                                                                      Similarity
                                                                      • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                                                                      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                      • API String ID: 1556224225-1116378104
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 313767242-0
                                                                      • Opcode ID: cde09f3980b0358393566450e11165371852a9086df67a8d9c52c17f8d91002a
                                                                      • Instruction ID: 2d7b616e6a06bd5537be8bd9b431960a81b0732acef6452aca0607762ae68df3
                                                                      • Opcode Fuzzy Hash: cde09f3980b0358393566450e11165371852a9086df67a8d9c52c17f8d91002a
                                                                      • Instruction Fuzzy Hash: 47318F72609F818AEB608F61E8803EDB760FB94B54F44803ADA5E97BA4DF3CD548C714
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 313767242-0
                                                                      • Opcode ID: 7ca2ee392c9ada51f1324eb515092b31bea3abfe0bcce6a82c1ee8928e7227b9
                                                                      • Instruction ID: 29d1af0c0be05a034beb99b9f5c2785680f1119cf58c304b558afbc04c09ebc7
                                                                      • Opcode Fuzzy Hash: 7ca2ee392c9ada51f1324eb515092b31bea3abfe0bcce6a82c1ee8928e7227b9
                                                                      • Instruction Fuzzy Hash: 41314B76709EC186EB649F65E8403F96370FB84B64F4444BADA4E47AA8EF38D658C700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931114121.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931096853.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931157295.00007FFE1A455000.00000004.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931176809.00007FFE1A456000.00000002.00000001.01000000.00000009.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a450000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 313767242-0
                                                                      • Opcode ID: 02e2d915b29e039d0c0129752fa0162666c9946162aba3b5f89e2f81820b6aa5
                                                                      • Instruction ID: 20dec2a08caac81f2bd3e3d37fb52040eca4f54be4bf969a3e3e42d389e661a2
                                                                      • Opcode Fuzzy Hash: 02e2d915b29e039d0c0129752fa0162666c9946162aba3b5f89e2f81820b6aa5
                                                                      • Instruction Fuzzy Hash: 80315EB2708F8186EB60AF65E8503FD73A0FB44B54F40447ADA4D47AA8DF38D558C700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 3140674995-0
                                                                      • Opcode ID: d94639060063afa1d899b94e8cd31f04fef57491b3cbb55aa90edf4c43d56219
                                                                      • Instruction ID: aa92f14a75a441ddb129e7da736c20560db0214b96596e3d11da6554d145d41c
                                                                      • Opcode Fuzzy Hash: d94639060063afa1d899b94e8cd31f04fef57491b3cbb55aa90edf4c43d56219
                                                                      • Instruction Fuzzy Hash: D4316476605B818AE760AF64EC447EEB361FB84B48F854039DB4E57AA4EF3CD548C720
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$AuditErr_FormatRestoreSaveSys_bind
                                                                      • String ID: bind$socket.bind
                                                                      • API String ID: 1695574521-187351271
                                                                      • Opcode ID: 894707191f11cf39211571ab5ebc628d01ecfc936a6cdc509eacd2d0b686f231
                                                                      • Instruction ID: 0c85964aa4d75e280ed2bbad90bdd5be4fc4d907c79d1af35e1dec9ccd3e32ee
                                                                      • Opcode Fuzzy Hash: 894707191f11cf39211571ab5ebc628d01ecfc936a6cdc509eacd2d0b686f231
                                                                      • Instruction Fuzzy Hash: 68111F65A08F4289E6209B52F8407A9A364FFA8FA0F048172DE9D67B64DF3CE445C704
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                      • String ID:
                                                                      • API String ID: 435049134-0
                                                                      • Opcode ID: 64c4211e4781ddf248c92d5f37fe669dabd027b1e356cb9b66040eb2526a4fea
                                                                      • Instruction ID: 2ea6cc6ab07c9b6828deb7238fdb0349c66deacc698492005c2f626bc9295fe7
                                                                      • Opcode Fuzzy Hash: 64c4211e4781ddf248c92d5f37fe669dabd027b1e356cb9b66040eb2526a4fea
                                                                      • Instruction Fuzzy Hash: 82B1DE26B1A64286E724FF229C44DBBE751BB84F84F824135EA1D43AB5FF3CE4419760
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 3215553584-0
                                                                      • Opcode ID: 8efc7e9ad3f3f94081811ddcb40a9b85c3a855a4f431ee3a19f5cc753d332a5c
                                                                      • Instruction ID: ce848e067501738393c6080bfd54355861ef0aa4dc479ed12094e8b80a3a533f
                                                                      • Opcode Fuzzy Hash: 8efc7e9ad3f3f94081811ddcb40a9b85c3a855a4f431ee3a19f5cc753d332a5c
                                                                      • Instruction Fuzzy Hash: E1A1F766B1A68141EB54EB629C049BBE390FB44FD4F825132DE5E07BA4EF3CD4459320
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      • Opcode ID: 89dd4c727fdbf041b383a489a74d35900f035f9cda0a6efefbf374b83f5cf37e
                                                                      • Instruction ID: 2f1b84cda14d49dd09717fe6da6d77ec35ba086fdafa812819b508d4f25cf47c
                                                                      • Opcode Fuzzy Hash: 89dd4c727fdbf041b383a489a74d35900f035f9cda0a6efefbf374b83f5cf37e
                                                                      • Instruction Fuzzy Hash: B7315E36619F8186D760DF25EC446AEB3A4FB84B58F950136EB9D43B64EF38C1458B10
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Arg_ParseRestoreSaveSizeTuple_listen
                                                                      • String ID: |i:listen
                                                                      • API String ID: 3610171639-1087349693
                                                                      • Opcode ID: ebd0611ca1549b800ea2162c17b8b11dd0d0ec0424a05e4d2022515d59b66883
                                                                      • Instruction ID: 43d28c6ce3641345f8255583e42ee881cb57f459aaf5132af681498699ef27ef
                                                                      • Opcode Fuzzy Hash: ebd0611ca1549b800ea2162c17b8b11dd0d0ec0424a05e4d2022515d59b66883
                                                                      • Instruction Fuzzy Hash: 71012D61A08F41CAE7508B63E88416AB3B1FF98FA0B048071DA9E57B68DF3CE4498704
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                      • String ID: ?
                                                                      • API String ID: 1286766494-1684325040
                                                                      • Opcode ID: 43749bf6a4c5632896b3c6b0b3649e7cdffb09d1a1dad26ada918f813c37b108
                                                                      • Instruction ID: b10c85d2fda3a54cfcb8413dfdb3d179227f7c85463850f6b8d9b15b9ed1c752
                                                                      • Opcode Fuzzy Hash: 43749bf6a4c5632896b3c6b0b3649e7cdffb09d1a1dad26ada918f813c37b108
                                                                      • Instruction Fuzzy Hash: 76911426F1A65286EB24BF258C04A7BA651EF91FD4F964031EE5C07AE5EF3CD841C360
                                                                      APIs
                                                                      • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1A46CDEA,?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46F649
                                                                      • VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1A46CDEA,?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46F687
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AllocInfoSystemVirtual
                                                                      • String ID:
                                                                      • API String ID: 3440192736-0
                                                                      • Opcode ID: d12ec598b130cf99cec587ec54ac1f087e2ac8be571b8a4a304b82bee799b0c0
                                                                      • Instruction ID: b5013575fb31a6930769b3466c03bc127828b1837f367ffec02bfc39b491a453
                                                                      • Opcode Fuzzy Hash: d12ec598b130cf99cec587ec54ac1f087e2ac8be571b8a4a304b82bee799b0c0
                                                                      • Instruction Fuzzy Hash: 1601D632B18A4247EF508B96A44023433E5BF58FA1F8400FAD94D87374DF2DE4268700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: memsetrecvfrom
                                                                      • String ID:
                                                                      • API String ID: 3853191257-0
                                                                      • Opcode ID: 1756e319e08046afacee54d5f63b443057564f6573973c4b07ade24e4f6d7428
                                                                      • Instruction ID: b64e9c98d0abb879b9300053c50e91ad360f0094ae6966a0c5341d5636a6fac6
                                                                      • Opcode Fuzzy Hash: 1756e319e08046afacee54d5f63b443057564f6573973c4b07ade24e4f6d7428
                                                                      • Instruction Fuzzy Hash: D001EC76B04F4582DB14CF2AE481129B3B1F788FA8B258235DE6D4B7A8DF38D491C744
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc$LibraryLoad
                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                      • API String ID: 2238633743-1453502826
                                                                      • Opcode ID: 66c3265c9ee181e582d8d8ff28a4b9b0c1c9f2ac8d8cf2dff82eeb8f56dd1e4e
                                                                      • Instruction ID: 36a1eff4e65bc80383d27c3c449089d1d096028183c4eb4756165450a05a27f4
                                                                      • Opcode Fuzzy Hash: 66c3265c9ee181e582d8d8ff28a4b9b0c1c9f2ac8d8cf2dff82eeb8f56dd1e4e
                                                                      • Instruction Fuzzy Hash: BBE1C568A5FB4391EA1AEB14FC589B6A3A6EF46F44BC65431C90D062B4FF7CE544C230
                                                                      APIs
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464F39
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464F71
                                                                      • PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464F97
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464FB6
                                                                      • PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464FD9
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464FF8
                                                                      • PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46501E
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46503D
                                                                      • PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465063
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465082
                                                                      • PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4650A8
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4650C7
                                                                      • PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4650ED
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46510C
                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465134
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465153
                                                                      • PyLong_FromVoidPtr.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46517B
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46519A
                                                                      • PyLong_FromVoidPtr.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4651C2
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4651E1
                                                                      • PyLong_FromVoidPtr.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465209
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465228
                                                                      • PyLong_FromVoidPtr.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465250
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46526F
                                                                      • PyLong_FromVoidPtr.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465297
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4652B6
                                                                      • PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4652D9
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4652F8
                                                                      • PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46531B
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465336
                                                                      • PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46536E
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4691A3
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4691B2
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4691C1
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4691D0
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4691DF
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4691EE
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4691FD
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46920C
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46921B
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46922A
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A469239
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A469248
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A469257
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A469266
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A469275
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A469291
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4692A0
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4692AF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Module_Object$From$Long_$Long$Void$StringUnicode_
                                                                      • String ID: 1.1.0$ArgumentError$COMError$FUNCFLAG_CDECL$FUNCFLAG_HRESULT$FUNCFLAG_PYTHONAPI$FUNCFLAG_STDCALL$FUNCFLAG_USE_ERRNO$FUNCFLAG_USE_LASTERROR$RTLD_GLOBAL$RTLD_LOCAL$__version__$_cast_addr$_memmove_addr$_memset_addr$_pointer_type_cache$_string_at_addr$_wstring_at_addr
                                                                      • API String ID: 2895207140-3907785099
                                                                      • Opcode ID: 2f87eb848d32a16b4b0033ca104b47d721acf6dff1b34ab5b6c804d3598f50cb
                                                                      • Instruction ID: e3aa3c4240ef56336e154fa62df44c0f2757eb8d1de896c59e99973c2224281a
                                                                      • Opcode Fuzzy Hash: 2f87eb848d32a16b4b0033ca104b47d721acf6dff1b34ab5b6c804d3598f50cb
                                                                      • Instruction Fuzzy Hash: 61E10E29B0AF4281FB458B63E5641B833A4AF89FB5B4404F7C91E97371EF7CE5688241
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Err_ErrorLast_errno$Sequence_UnraisableWrite$CallContainsDict_EnsureItemObjectObject_SizeState_StringSubtypeTuple_Type_Warnmemcpy
                                                                      • String ID: BUG: PySequence_Length$Getting argument converter %zd$Parsing argument %zd$PyTuple_New()$cannot build parameter$create argument %zd:$getting _needs_com_addref_$memory leak in callback function.$on calling ctypes callback function$on converting result of ctypes callback function$unexpected result of create argument %zd:
                                                                      • API String ID: 3941089121-774023293
                                                                      • Opcode ID: 4dd69db447ed23b8bd1aaab78cbbb4f82e75be3912e8fad494e6638e4bdbdcf9
                                                                      • Instruction ID: 9267b3a63bd261d4b1e8e8ad1ef36dcf8c9702d739741e4cadc53668616b3962
                                                                      • Opcode Fuzzy Hash: 4dd69db447ed23b8bd1aaab78cbbb4f82e75be3912e8fad494e6638e4bdbdcf9
                                                                      • Instruction Fuzzy Hash: 52B1F326F09E8281EA649F63E85427923A0BF85FB1F4444F7CA5E477B5DE3CE8658304
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Err_String$Eval_List_SizeThreadUnicode_freeaddrinfo$AppendArg_AuditBuildEncodedKeywords_LongLong_OccurredParseRestoreS_snprintfSaveSys_TupleValue_getaddrinfo
                                                                      • String ID: %ld$Int or String expected$OOiii$OO|iiii:getaddrinfo$getaddrinfo() argument 1 must be string or None$idna$iiisO$socket.getaddrinfo
                                                                      • API String ID: 3700949282-3943835681
                                                                      • Opcode ID: 36b7fee2362cdf4b2a12039fc84ef9bcf82957bd3ac9fdaa818060f26ded5835
                                                                      • Instruction ID: 45ee03c234db3df00ce7ad2c432d5a331d0710edcc2a294a0bea78387d9e00b4
                                                                      • Opcode Fuzzy Hash: 36b7fee2362cdf4b2a12039fc84ef9bcf82957bd3ac9fdaa818060f26ded5835
                                                                      • Instruction Fuzzy Hash: 6AB11E36B09E128EEB10CF62D4805BCA770EB68FB4B048175DD2D6B764DE3CE5499308
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                                      • API String ID: 2943138195-1388207849
                                                                      • Opcode ID: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
                                                                      • Instruction ID: 26f6b80fc4cf46b3081415f501e243657fe3edc1d6da8dad85d0928c0395b769
                                                                      • Opcode Fuzzy Hash: 34b20832b4d5a9c82cdd9a34609b0a596913eac70dfc3082442192f721d64891
                                                                      • Instruction Fuzzy Hash: E9F18CB2F0CE1294FB158B66CA546BC36B1BB12BA4F4045F7CA0D56AB8DF3DA644C340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Dealloc$Arg_FormatParseSizeStringTuple_$Eval_Thread$AddressAttrAuditLong_Object_OccurredProcRestoreSaveSequence_Sys_TupleVoid
                                                                      • String ID: O&O;illegal func_spec argument$O|O$_handle$abstract class$could not convert the _handle attribute to a pointer$ctypes.dlsym$function '%s' not found$function ordinal %d not found$i|OO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes$the _handle attribute of the second argument must be an integer
                                                                      • API String ID: 1081342661-1557499450
                                                                      • Opcode ID: 7ef49023135079aaf2da2d0545b71a1624cc9c0639abea6215c951ea54937fcf
                                                                      • Instruction ID: 21fb204ff28c54d935f0ba3023e282e5457b79e29e1eb46df0364457e8a45cee
                                                                      • Opcode Fuzzy Hash: 7ef49023135079aaf2da2d0545b71a1624cc9c0639abea6215c951ea54937fcf
                                                                      • Instruction Fuzzy Hash: ECC11866B09E5284FA558BA6D8501B823B1BB84FB8F5840F7DA1E577B4DF3CE865C300
                                                                      APIs
                                                                      • _PyTime_FromSecondsObject.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A45228C
                                                                      • PyErr_ExceptionMatches.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4522A0
                                                                      • PyErr_SetString.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4522EC
                                                                        • Part of subcall function 00007FFE1A452584: PySequence_Fast.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A4525B3
                                                                        • Part of subcall function 00007FFE1A452584: PyObject_AsFileDescriptor.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A452610
                                                                        • Part of subcall function 00007FFE1A452584: PyErr_SetString.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A452677
                                                                        • Part of subcall function 00007FFE1A452584: _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A452686
                                                                        • Part of subcall function 00007FFE1A452584: _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A452695
                                                                        • Part of subcall function 00007FFE1A452584: _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A4526AB
                                                                      • _PyTime_GetMonotonicClock.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A45238F
                                                                        • Part of subcall function 00007FFE1A4526D4: __WSAFDIsSet.WS2_32 ref: 00007FFE1A4526FA
                                                                        • Part of subcall function 00007FFE1A4526D4: PyList_New.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A45271B
                                                                        • Part of subcall function 00007FFE1A4526D4: __WSAFDIsSet.WS2_32 ref: 00007FFE1A452747
                                                                        • Part of subcall function 00007FFE1A4526D4: PyList_SetItem.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A452761
                                                                        • Part of subcall function 00007FFE1A4526D4: _Py_Dealloc.PYTHON310(?,?,?,00007FFE1A45221B), ref: 00007FFE1A4527A3
                                                                      • PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A45239D
                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4523A6
                                                                      • select.WS2_32(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4523C8
                                                                      • PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4523D4
                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4523DA
                                                                      • PyErr_CheckSignals.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4523E5
                                                                      • _PyTime_GetMonotonicClock.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4523F8
                                                                      • _PyTime_AsTimeval_noraise.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A452416
                                                                      • PyEval_SaveThread.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A45241C
                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A452425
                                                                      • select.WS2_32(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A452447
                                                                      • PyEval_RestoreThread.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A452453
                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A452459
                                                                      • WSAGetLastError.WS2_32(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A45246A
                                                                      • PyErr_SetExcFromWindowsErr.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A45247C
                                                                      • PyErr_Occurred.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4524D7
                                                                      • PyTuple_Pack.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A4524EE
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A452505
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A452519
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,00007FFE1A45221B), ref: 00007FFE1A45252D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931114121.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931096853.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931157295.00007FFE1A455000.00000004.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931176809.00007FFE1A456000.00000002.00000001.01000000.00000009.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a450000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Err_$Eval_ThreadTime__errno$ClockFromList_MonotonicRestoreSaveStringselect$CheckDescriptorErrorExceptionFastFileItemLastMatchesObjectObject_OccurredPackSecondsSequence_SignalsTimeval_noraiseTuple_Windows
                                                                      • String ID: timeout must be a float or None$timeout must be non-negative
                                                                      • API String ID: 1590595678-2150404077
                                                                      • Opcode ID: 877a3bb35cee0081e9ab5b4a14d511975eb19c03c854525bd26498f470473da0
                                                                      • Instruction ID: 27a89a20e4d56a627735e6b5a325b8b928691238f4fae623504a43b8e6b6844d
                                                                      • Opcode Fuzzy Hash: 877a3bb35cee0081e9ab5b4a14d511975eb19c03c854525bd26498f470473da0
                                                                      • Instruction Fuzzy Hash: 7F9131A1B08E8795EA25AF36D8641B92360FF44FA4F4041F3EA0E46678DF3CE519C700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err__errno$Eval_OccurredSaveStringThreadffi_callffi_prep_cif
                                                                      • String ID: No ffi_type for result$ctypes.seh_exception$exception: access violation reading %p$exception: access violation writing %p$exception: breakpoint encountered$exception: datatype misalignment$exception: single step$ffi_prep_cif failed
                                                                      • API String ID: 1950514379-2749438402
                                                                      • Opcode ID: 388be19c76ad2a1b412bd08cb225b7b241ccf2afde899a73b50f4e237f559df8
                                                                      • Instruction ID: 0d5944a366e778c05616b3b3f43eadcd7ee63ea3b2b894a90ed6b24f7d7f4d97
                                                                      • Opcode Fuzzy Hash: 388be19c76ad2a1b412bd08cb225b7b241ccf2afde899a73b50f4e237f559df8
                                                                      • Instruction Fuzzy Hash: 50812776B0DE8296E6A48B56E8446B92374FB84FB4F5050F6C92E436B4DF3CE864C740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Eval_Thread$AuditLongRestoreSaveSocketSys_closesocket$Arg_ErrorFormatFromHandleInformationKeywords_LastLong_OccurredParseSizeStringTupleWindowsgetsocknamegetsockoptsocket
                                                                      • String ID: Oiii$negative file descriptor$socket descriptor string has wrong size, should be %zu bytes.$socket.__new__$|iiiO:socket
                                                                      • API String ID: 4205921416-4059698971
                                                                      • Opcode ID: e64d5ea9a319b6c52ba16a7eb9f3e916c01da1adaf00766ccb9fd5beb6d3c549
                                                                      • Instruction ID: 379364df3894234c1c276420bffe0ff2c2117233070b7e5d28cba9031c57a3a6
                                                                      • Opcode Fuzzy Hash: e64d5ea9a319b6c52ba16a7eb9f3e916c01da1adaf00766ccb9fd5beb6d3c549
                                                                      • Instruction Fuzzy Hash: 31E13132E08F418AE710CB26E540179B760FBA9BB4F149375EA6D536B5DF3CE5888B04
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Err_$Object_$AttrLong_LookupMallocMem_String$CallDict_ExceptionMakeMatchesMemoryOccurredSignSsize_tState_ThreadUpdate
                                                                      • String ID: The '_length_' attribute is too large$The '_length_' attribute must be an integer$The '_length_' attribute must not be negative$_type_ must have storage info$array too large$class must define a '_length_' attribute$class must define a '_type_' attribute
                                                                      • API String ID: 3944543447-504660705
                                                                      • Opcode ID: 8bd24bab3752daf11f2f1598084d72491409bc8efdceabfa0b84352a43d3c50d
                                                                      • Instruction ID: d437a8f838e309059e082c9c94ca9b971a80296da10b281f5e4721c1a7e6dc6d
                                                                      • Opcode Fuzzy Hash: 8bd24bab3752daf11f2f1598084d72491409bc8efdceabfa0b84352a43d3c50d
                                                                      • Instruction Fuzzy Hash: D9A12965B09E8281FA958B66D89027823B5AF84FB4F1445F3D92E876B5DF3CE4A5C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Number_OccurredSsize_t$FromString$Bytes_Mem_SizeUnicode_$CharCheckFreeIndex_List_MallocMemoryWide
                                                                      • String ID: Pointer indices must be integer$slice start is required for step < 0$slice step cannot be zero$slice stop is required
                                                                      • API String ID: 3053630023-3059441807
                                                                      • Opcode ID: 29c4e5f30fa1792a2e9e830725d8bb3ce62b15804ad10304daab569f744bf3a0
                                                                      • Instruction ID: f19b1d039d033858f6f52f92d86246bf86127b0b000b0823b14b69c209493ecb
                                                                      • Opcode Fuzzy Hash: 29c4e5f30fa1792a2e9e830725d8bb3ce62b15804ad10304daab569f744bf3a0
                                                                      • Instruction Fuzzy Hash: 1A916C65B0AE8281EA54DB57D65427823B1AF84FB0F1856F3D93E477F0EF2CE4658200
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Eval_Threadinet_ptonstrcmp$BuildDeallocObjectRestoreSaveSizeStringValue_freeaddrinfogetaddrinfostrchr
                                                                      • String ID: 255.255.255.255$<broadcast>$address family mismatched$unknown address family$unsupported address family$wildcard resolved to multiple address
                                                                      • API String ID: 3661317600-1715193308
                                                                      • Opcode ID: c286230f942d668f5a5dbbff90a1bb31ac2eb882333c30d274c82fb953f0ab6f
                                                                      • Instruction ID: 9b31fcbc87f7569d6f20ac6b5d90315d39419008236c3d935bcc9bede7983fc2
                                                                      • Opcode Fuzzy Hash: c286230f942d668f5a5dbbff90a1bb31ac2eb882333c30d274c82fb953f0ab6f
                                                                      • Instruction Fuzzy Hash: A1718025E08F428AEB208B27A440278A360BB64FB0F54C275DA6D776B1DF3CE5958349
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Size$Arg_Err_Eval_ParseStringThreadTuple_$AuditBuildDecodeRestoreS_snprintfSaveSys_Unicode_Value_freeaddrinfogetaddrinfogetnameinfohtonl
                                                                      • String ID: $(O)$IPv4 sockaddr must be 2 tuple$Oi:getnameinfo$getnameinfo() argument 1 must be a tuple$getnameinfo(): flowinfo must be 0-1048575.$si|II;getnameinfo(): illegal sockaddr argument$sockaddr resolved to multiple addresses$socket.getnameinfo$surrogatepass
                                                                      • API String ID: 102691017-243639936
                                                                      • Opcode ID: 1776d02b807ab63b0107aae67b1e5e7c54c3583b35349095b97fd29e56b7894c
                                                                      • Instruction ID: 5fcad1f507383a9ccc0f489b4232ab012ba0a492e1e7a4933fa4866e3d84ddf2
                                                                      • Opcode Fuzzy Hash: 1776d02b807ab63b0107aae67b1e5e7c54c3583b35349095b97fd29e56b7894c
                                                                      • Instruction Fuzzy Hash: EB814072A08F428EEB10CF16E4401A9B7A0FB94FA4F108176DA6D67678DF7CE549CB44
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$FromLong_$Err_Void$Object_StringUnraisableWrite$ArgsAttrBlockCallFunctionImportImport_InternLongModuleOccurredUnicode_
                                                                      • String ID: DllGetClassObject$_ctypes.DllGetClassObject$ctypes
                                                                      • API String ID: 3128317949-177550262
                                                                      • Opcode ID: fc936810dcdbcd1f1ff5db97019c23f2f739c29b906e2270a4edb25423f3c6e9
                                                                      • Instruction ID: 8ab35b3bc2bd946dcbd75b37677146df9adc77fac083ffc24e8715eb735b1987
                                                                      • Opcode Fuzzy Hash: fc936810dcdbcd1f1ff5db97019c23f2f739c29b906e2270a4edb25423f3c6e9
                                                                      • Instruction Fuzzy Hash: DC51002AF0AF5385EA549FA3A95427823B0AF95FB2F0844F6C95D47770DF3CA9248304
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Mem_$CallDict_Err_FreeFunctionItemMallocObject_$DeallocErrorFromLong_OccurredStringUnicode_VoidWith
                                                                      • String ID: LP_%s$_type_$must be a ctypes type$s(O){sO}$s(O){}
                                                                      • API String ID: 2461613936-2311978994
                                                                      • Opcode ID: bd625ada9318b446dfd061ed8b005fa643288eae49903e4ba0b63c541dd73652
                                                                      • Instruction ID: 6bc595a2e7522ca5b7932533ff0d5a694bdcdd3bc6ba8fbd4180aaef72918974
                                                                      • Opcode Fuzzy Hash: bd625ada9318b446dfd061ed8b005fa643288eae49903e4ba0b63c541dd73652
                                                                      • Instruction Fuzzy Hash: D7513929F0AE8381FA548BA7E95417863A4AF86FB0F1405F7C92E077B4DF3CA4658340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Format$Deallochtons
                                                                      • String ID: %s(): AF_INET address must be tuple, not %.500s$%s(): AF_INET6 address must be tuple, not %.500s$%s(): bad family$%s(): flowinfo must be 0-1048575.$%s(): port must be 0-65535.$%s(): unknown Bluetooth protocol$%s(): wrong format$O&i;AF_INET address must be a pair (host, port)$O&i|II;AF_INET6 address must be a tuple (host, port[, flowinfo[, scopeid]])
                                                                      • API String ID: 2819711985-3893595010
                                                                      • Opcode ID: f227f01dcb8bd1521a2745290dc7bbc8ca73e0d3b55e962668677d1f59eae816
                                                                      • Instruction ID: 4c8211c0857780b9d3d9ed7a435eb083daa57eff0d1806d73f31fae441f2ecee
                                                                      • Opcode Fuzzy Hash: f227f01dcb8bd1521a2745290dc7bbc8ca73e0d3b55e962668677d1f59eae816
                                                                      • Instruction Fuzzy Hash: 89813C76A08E4689EB108F63D4402B9B7A0EF64F68F10C572DA6D67764DF3CE488C748
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Slice_$AdjustBytes_CheckFromIndex_IndicesMallocMem_MemoryNumber_OccurredSizeSsize_tStringUnpack
                                                                      • String ID: indices must be integers
                                                                      • API String ID: 2944763997-2024404580
                                                                      • Opcode ID: 51bc80c86fa1cb5f9cd77a1dc06858aa5c86ca71bbccbd14ee0fc818b2bb724c
                                                                      • Instruction ID: 31ca4084bbc2c1a327d97e0568f229c1f8dc7a236001f266643cc9c23daca89d
                                                                      • Opcode Fuzzy Hash: 51bc80c86fa1cb5f9cd77a1dc06858aa5c86ca71bbccbd14ee0fc818b2bb724c
                                                                      • Instruction Fuzzy Hash: 75713A29B0AE8282EB549B6399540B86371BF84FF4B0405F7DD2E87BB5DE7DE4658300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$String$DeallocEval_Thread$AddressArg_AttrAuditFormatLong_Object_OccurredParseProcRestoreSaveSizeSys_Tuple_Void
                                                                      • String ID: Os:in_dll$_handle$could not convert the _handle attribute to a pointer$ctypes.dlsym$symbol '%s' not found$the _handle attribute of the second argument must be an integer
                                                                      • API String ID: 1915345233-3856192562
                                                                      • Opcode ID: 030bd8ade0928da490e93e1f9dc3fdac78fcf6cebd64543e85a1b2bea43a9505
                                                                      • Instruction ID: 9bbf138ce348cdc54c9ecff6fd5138d149f2ecdf9b89ed80093e6a136c168976
                                                                      • Opcode Fuzzy Hash: 030bd8ade0928da490e93e1f9dc3fdac78fcf6cebd64543e85a1b2bea43a9505
                                                                      • Instruction Fuzzy Hash: 9131EC29B0AE8281EA548B97E9541B833B1EF84FF5B0440F3C91E87675DE6CE569C300
                                                                      APIs
                                                                      • WSAGetLastError.WS2_32 ref: 00007FFE133332F9
                                                                        • Part of subcall function 00007FFE13334060: _Py_BuildValue_SizeT.PYTHON310(?,?,?,00007FFE13333306), ref: 00007FFE13334076
                                                                        • Part of subcall function 00007FFE13334060: PyErr_SetObject.PYTHON310(?,?,?,00007FFE13333306), ref: 00007FFE1333408E
                                                                        • Part of subcall function 00007FFE13334060: _Py_Dealloc.PYTHON310(?,?,?,00007FFE13333306), ref: 00007FFE1333409D
                                                                      • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE13333316
                                                                      • PyErr_SetFromErrno.PYTHON310 ref: 00007FFE1333332C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$BuildDeallocErrnoErrorFromLastObjectSizeValue__errno
                                                                      • String ID: NOO$surrogatepass$unsupported address family
                                                                      • API String ID: 316901363-472101058
                                                                      • Opcode ID: 7da136951623f4772e7b2b789dcf6bd7497e4d7ba8a08d1eccfe8678c7ef6670
                                                                      • Instruction ID: 2bd4cd2cb6f53f02dd3e9f3ff40d6691f86a53487e9f919ecc600f77f58e9ce3
                                                                      • Opcode Fuzzy Hash: 7da136951623f4772e7b2b789dcf6bd7497e4d7ba8a08d1eccfe8678c7ef6670
                                                                      • Instruction Fuzzy Hash: 7F717F22A09F4689EA558F27A404179A7A0FF68FB4F04C575DE6E67774EF3CE0848708
                                                                      APIs
                                                                      • PyObject_GetAttrString.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F6EF
                                                                      • PySequence_Fast.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F70B
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F71D
                                                                      • PyArg_ParseTuple.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F776
                                                                      • PyObject_GetAttr.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F78D
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F7DA
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F846
                                                                      • PyObject_SetAttr.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F857
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F86B
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F882
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F89C
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F8AB
                                                                      • PyErr_SetString.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F8E3
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FFE1A468BB4), ref: 00007FFE1A46F8F4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$AttrObject_$String$Arg_Err_FastParseSequence_Tuple
                                                                      • String ID: OO|O$_fields_$_fields_ must be a sequence$unexpected type
                                                                      • API String ID: 1182381414-2418103425
                                                                      • Opcode ID: 690706235b32ba482d6505afb2f22874b6565253313498325e6914673a9f3e1d
                                                                      • Instruction ID: 6a61eb4375332132290f7c68893915ecd2c2e1b873a8d787290444e9d069e639
                                                                      • Opcode Fuzzy Hash: 690706235b32ba482d6505afb2f22874b6565253313498325e6914673a9f3e1d
                                                                      • Instruction Fuzzy Hash: 1C611A36B09E4281EA548B67E94457923B0FB84FB4B4845F6CAAE47B74DF3CE8658300
                                                                      APIs
                                                                      • PyUnicode_FromFormatV.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D4F1
                                                                      • PyErr_Fetch.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D510
                                                                      • PyErr_NormalizeException.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D522
                                                                      • PyObject_Str.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D52C
                                                                      • PyUnicode_AppendAndDel.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D53E
                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D54B
                                                                      • PyUnicode_AppendAndDel.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D558
                                                                      • PyErr_Clear.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D567
                                                                      • PyObject_Str.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D571
                                                                      • PyErr_Clear.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D57C
                                                                      • PyUnicode_FromString.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D589
                                                                      • PyUnicode_AppendAndDel.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D596
                                                                      • PyErr_SetObject.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D5AB
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D5C0
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D5D5
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D5EA
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,?,?,?,00007FFE1A467433), ref: 00007FFE1A46D5FF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Unicode_$Err_$Dealloc$AppendFrom$ClearObject_String$ExceptionFetchFormatNormalizeObject
                                                                      • String ID: ???
                                                                      • API String ID: 2201921740-1053719742
                                                                      • Opcode ID: c1440f13d98236cae470a74b6d152f21417e97bc43ba56fa7242ed5edeb86299
                                                                      • Instruction ID: 71cf1e19b93a9c991b825c2f4138b634b80868f193db56c4d693e1650d6128b3
                                                                      • Opcode Fuzzy Hash: c1440f13d98236cae470a74b6d152f21417e97bc43ba56fa7242ed5edeb86299
                                                                      • Instruction Fuzzy Hash: 6F41FB76F0AE4285EF559BA2D8542BC2370BF88F78F0404F6C95E52A74DE2CA5A8C350
                                                                      APIs
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4653CE
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4653E3
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4653FB
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46541E
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465444
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46546A
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465490
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4654B6
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4654DC
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465502
                                                                      • PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465528
                                                                      • PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46554E
                                                                      • PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465574
                                                                      • PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46559A
                                                                      • PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4655C0
                                                                      • PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4655E6
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4655FB
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46561A
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46562B
                                                                      • PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46564D
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ReadyType_$Module_Type
                                                                      • String ID:
                                                                      • API String ID: 2298540608-0
                                                                      • Opcode ID: 5fbf877398a9032adb95e61ed7f33c040aaff81d2c2c94dcb10a7b45ccfb0371
                                                                      • Instruction ID: 52e94f1f82f59c641e6ac3e38300398055d169360e7135e5366e1b83b26d8d14
                                                                      • Opcode Fuzzy Hash: 5fbf877398a9032adb95e61ed7f33c040aaff81d2c2c94dcb10a7b45ccfb0371
                                                                      • Instruction Fuzzy Hash: 24717225B09F8392F640DBA3AC8463523A8BF44FB4B8441FBC95D82674DF3CE9A5D241
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocErr_Mem_$Free$Arg_AttrFormatItemMallocMemoryObject_ParseSequence_SizeStringSubtypeTupleTuple_Type_Unicode_
                                                                      • String ID: %s:%s:$UO|i$bit fields not allowed for type %s$number of bits invalid for bit field
                                                                      • API String ID: 3883499869-1978056028
                                                                      • Opcode ID: bda89cda3384f054e8c33aac41f4c2d07951ca99e4b4bb7a05393f1a315ddafe
                                                                      • Instruction ID: 728aeb4f57390c4a7015b3790689c40aaa0e680eb24212a3456c6b249d49bdba
                                                                      • Opcode Fuzzy Hash: bda89cda3384f054e8c33aac41f4c2d07951ca99e4b4bb7a05393f1a315ddafe
                                                                      • Instruction Fuzzy Hash: 50912C36B09E8285EB50CB66E4442B823B4FB45FA8F5505B6DE2D577A4EF38E465C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: `anonymous namespace'
                                                                      • API String ID: 2943138195-3062148218
                                                                      • Opcode ID: c36001f134547c1fc12f70ffa9b86d35a9d04869d0c52a2f257cd9dd74f3dfc9
                                                                      • Instruction ID: f6f59f81c4f75f15a0102c15bfc27816d62ac881770cf60234585bed1aea9657
                                                                      • Opcode Fuzzy Hash: c36001f134547c1fc12f70ffa9b86d35a9d04869d0c52a2f257cd9dd74f3dfc9
                                                                      • Instruction Fuzzy Hash: A1E15972A0CF8295EB10CF26E9801BD7BA0FB56B64F5440B6EA4D17BA5DF38E654C700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_ItemStringTuple_
                                                                      • String ID: COM method call without VTable$Expected a COM this pointer as first argument$NULL COM pointer access$native com method call without 'this' parameter$this function takes %d argument%s (%d given)$this function takes at least %d argument%s (%d given)
                                                                      • API String ID: 2162364271-1981512665
                                                                      • Opcode ID: 9e01c02b61e5e5aa0183ccfb0e0876fe9ed39607b644f82a5e7f94aafeff8bd4
                                                                      • Instruction ID: 3e63af346e47570a412f44623482a146f08079dff389bf2427e336a549000aee
                                                                      • Opcode Fuzzy Hash: 9e01c02b61e5e5aa0183ccfb0e0876fe9ed39607b644f82a5e7f94aafeff8bd4
                                                                      • Instruction Fuzzy Hash: B8913726B09F8291EA64CB62A8402B963B0FB84FA4F5444F7DE5D07B64EF3DE465C700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$String$LongLong_Occurred$Bytes_Capsule_CharClearFreeMem_Unicode_UnsignedWide
                                                                      • String ID: Don't know how to convert parameter %d$_ctypes pymem$int too long to convert
                                                                      • API String ID: 3969321993-4137960972
                                                                      • Opcode ID: 74737cafc4d47cfeb5516eef9378bf1c64d9f843f63acaba1e4a89118a639ade
                                                                      • Instruction ID: dabe196f12d3b03f0fa1eeb60ee8360f1ee27f8a81755309850ee235059e3ef8
                                                                      • Opcode Fuzzy Hash: 74737cafc4d47cfeb5516eef9378bf1c64d9f843f63acaba1e4a89118a639ade
                                                                      • Instruction Fuzzy Hash: C561EA35B0AF8292EA548F66E49013823B4FB88F64B5445F6DA6D43B74DF38E4B4C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocDict_$CallErr_ErrorFromFunction_ItemLong_Object_OccurredPackSizeSsize_tTuple_With
                                                                      • String ID: %.200s_Array_%Id$Array length must be >= 0, not %zd$Expected a type object$_length_$_type_$s(O){s:n,s:O}
                                                                      • API String ID: 2975079148-1488966637
                                                                      • Opcode ID: bda14b736fa4d55d3a819bfbb45300960813b3f97bc4499c691a8218ebb8e5ba
                                                                      • Instruction ID: 385022d4c98a34eed29de26c5c26f2b30c7a2bbabeefb8a900d9982148ec62f3
                                                                      • Opcode Fuzzy Hash: bda14b736fa4d55d3a819bfbb45300960813b3f97bc4499c691a8218ebb8e5ba
                                                                      • Instruction Fuzzy Hash: 24514D25B0AF8284FA548BA7E9542B963A4AF88FB5F0844F3C91E47774DF3CE4648340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$String$Arg_AuditBuffer_ContiguousDeallocFormatFromMemoryObjectParseSizeSys_Tuple_View_
                                                                      • String ID: Buffer size too small (%zd instead of at least %zd bytes)$O|n:from_buffer$abstract class$ctypes.cdata/buffer$nnn$offset cannot be negative$underlying buffer is not C contiguous$underlying buffer is not writable
                                                                      • API String ID: 3947696715-3790261066
                                                                      • Opcode ID: 30ff033285bfcb53a93577743035bb53ee5386322a1d83d3414460bb031d0c2e
                                                                      • Instruction ID: 4914f609e75c2a03f82d59f7e4e5697f521b48801406cc22ee0c1cee91be50fa
                                                                      • Opcode Fuzzy Hash: 30ff033285bfcb53a93577743035bb53ee5386322a1d83d3414460bb031d0c2e
                                                                      • Instruction Fuzzy Hash: AB413869B09E8281EA108B67D9501B823B1BF84FF1F4041F3DA2D876B5EFACE565C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Capsule_$Dict_Err_ItemMem_String$CallocDeallocDictErrorFreeFromInternOccurredPointerState_ThreadUnicode_ValidWith
                                                                      • String ID: _ctypes pymem$cannot get thread state$ctypes.error_object$ctypes.error_object is an invalid capsule
                                                                      • API String ID: 2323834031-3474121714
                                                                      • Opcode ID: 4761d28fb3614e639aa8bd2bfe8f402fe76573364a35cc8ed40c721b0542e7a8
                                                                      • Instruction ID: 26cae859379c093dc3d3f80f6f45aa95fb5141aea28389e3f0485d500f6d95d6
                                                                      • Opcode Fuzzy Hash: 4761d28fb3614e639aa8bd2bfe8f402fe76573364a35cc8ed40c721b0542e7a8
                                                                      • Instruction Fuzzy Hash: 5031F724B0AF8281EE548B97E95417823A1AF98FB4F5844F7D95E47774EF3CE4A98300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: From$FormatUnicode_$DeallocDoubleFloat_
                                                                      • String ID: <cparam '%c' (%R)>$<cparam '%c' (%d)>$<cparam '%c' (%ld)>$<cparam '%c' (%lld)>$<cparam '%c' (%p)>$<cparam '%c' ('%c')>$<cparam '%c' ('\x%02x')>$<cparam '%c' at %p>$<cparam 0x%02x at %p>$f
                                                                      • API String ID: 1798191970-1993916225
                                                                      • Opcode ID: 268c9d61f632c7f932ee5618ac3eabe48cdea0361933dfd40d09fda868f608e9
                                                                      • Instruction ID: f0e3cbb9935d8701e939bbc6cb2571cc45b8a81d9232e1b0b1f2b6fc5c599653
                                                                      • Opcode Fuzzy Hash: 268c9d61f632c7f932ee5618ac3eabe48cdea0361933dfd40d09fda868f608e9
                                                                      • Instruction Fuzzy Hash: BC417F62F1CC9381E7A94B67845443826B1AF56F64F2840F3C5AE479B8DE2DFDE8C640
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$Err_$CheckClockEval_MonotonicSignalsThreadTime_$RestoreSaveString
                                                                      • String ID: timed out
                                                                      • API String ID: 1470360436-3163636755
                                                                      • Opcode ID: e61995a4ad93c4dfc7e6f173e20683de2d14d92540df02a468f37d2db84681e4
                                                                      • Instruction ID: e166f8c8c8cdae71d02476805a33d4a012a8fc2c10f340b6f9ae5c27348e07d9
                                                                      • Opcode Fuzzy Hash: e61995a4ad93c4dfc7e6f173e20683de2d14d92540df02a468f37d2db84681e4
                                                                      • Instruction Fuzzy Hash: BD414129D08E428AF6605F63D404238E690EF64F75F14C1B0DE7D7AAB0DF3CE8858658
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Bytes_String$DeallocErr_Size
                                                                      • String ID: encoding of hostname failed$host name must not contain null character$idna$str, bytes or bytearray expected, not %s
                                                                      • API String ID: 2522550923-2120988924
                                                                      • Opcode ID: 2d25775af3ac1cb7685e1106e3c74701888e5f21dcb749c4c4079ea330063bca
                                                                      • Instruction ID: 1eff888e4f5e390358085acf62cd48c2a25ccf8b5e7370560df07352032b78b4
                                                                      • Opcode Fuzzy Hash: 2d25775af3ac1cb7685e1106e3c74701888e5f21dcb749c4c4079ea330063bca
                                                                      • Instruction Fuzzy Hash: A2414C61A08E0689EB548B17E454339A3A0EF64FB4F14D5B5CA7E673B0DF3CE4988308
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_Err_ParseSizeTuple_$Buffer_ClearReleasesetsockopt$Format
                                                                      • String ID: iiO!I:setsockopt$iii:setsockopt$iiy*:setsockopt$socket option is larger than %i bytes
                                                                      • API String ID: 418579395-1608436615
                                                                      • Opcode ID: 914a533f53a83c13df4db91f61e9ef54b43f8fa0ea4ae9f80ce5d7bb8e9e3183
                                                                      • Instruction ID: 627c70b7ca0809dc5a4f2fc679e70fd12013e80969f8486d18c1766a2a14d2b6
                                                                      • Opcode Fuzzy Hash: 914a533f53a83c13df4db91f61e9ef54b43f8fa0ea4ae9f80ce5d7bb8e9e3183
                                                                      • Instruction Fuzzy Hash: E041537660CE4689DB208F12E8446A9B770FB98F74F408272DAAD57764DF3CD548C704
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Buffer_ReleaseString$Arg_AuditFormatParseSizeSys_Tuple_memcpy
                                                                      • String ID: Buffer size too small (%zd instead of at least %zd bytes)$abstract class$ctypes.cdata/buffer$nnn$offset cannot be negative$y*|n:from_buffer_copy
                                                                      • API String ID: 2374319793-1742308441
                                                                      • Opcode ID: 1a696453bf80289a83a15c82a2d4b1294745264fa1163eb75b89fa9ace926e82
                                                                      • Instruction ID: a370f42c0770ba327c215f0b9d5c5b44cd84ee95da3b41709bb4d10b479f8005
                                                                      • Opcode Fuzzy Hash: 1a696453bf80289a83a15c82a2d4b1294745264fa1163eb75b89fa9ace926e82
                                                                      • Instruction Fuzzy Hash: 11310569B19F8681EA508BA7E4506B96361FB84FA0F4040F3DA5E83B75DE7CE564C700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AttrObject_String$Arg_Dealloc$KeywordsParseSequence_SizeSliceTuple_
                                                                      • String ID: OOO:COMError$args$details$hresult$text
                                                                      • API String ID: 4238450639-2065934886
                                                                      • Opcode ID: 5107e1d306d887dd5dcd49860270aae2cbcf30bd2d3da1bfc497291293c53750
                                                                      • Instruction ID: a75a3c0db1ee8c2d288a8cc604ffadd20abc904520a00478788b033ff3c6e894
                                                                      • Opcode Fuzzy Hash: 5107e1d306d887dd5dcd49860270aae2cbcf30bd2d3da1bfc497291293c53750
                                                                      • Instruction Fuzzy Hash: 48311865F09F8382EA408BE7A8400B923A0EF85FA4B4441B3DE1E47674DE2CE565C380
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: From$AuditCharComputerErr_ErrorLastNameSys_Unicode_WideWindows
                                                                      • String ID: socket.gethostname
                                                                      • API String ID: 1075394898-2650736202
                                                                      • Opcode ID: abfec140e39d7c9e2ecabb8f4b833edff74060ff1dccb5446b4501ff05f4cc02
                                                                      • Instruction ID: cc57e312f79dcc784320e4d4e4e4c25966cc0d172749a1a36be28f7a0c383cda
                                                                      • Opcode Fuzzy Hash: abfec140e39d7c9e2ecabb8f4b833edff74060ff1dccb5446b4501ff05f4cc02
                                                                      • Instruction Fuzzy Hash: 16315225A0CE428AE7648B23E81417AE761FFA8FB5F44C074D95EA6774DF3CE0488704
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Buffer_Err_Release$String$From$Arg_ErrnoFormatParseSizeTuple_Unicode_inet_ntop
                                                                      • String ID: invalid length of packed IP address string$iy*:inet_ntop$unknown address family %d
                                                                      • API String ID: 418764794-2822559286
                                                                      • Opcode ID: 34b52d594f639bfb429a1b244c741a4116a8415efebb9a9a6ffe907ea0322df1
                                                                      • Instruction ID: 6d302ad97fb62c153c8692d33605c1ed7d7d48e2e849a3abe696f9f5f514f2de
                                                                      • Opcode Fuzzy Hash: 34b52d594f639bfb429a1b244c741a4116a8415efebb9a9a6ffe907ea0322df1
                                                                      • Instruction Fuzzy Hash: BD316321A1CD4789EA608B17E854279A3A0FFA8F69F408471D56EA7674DF3CE448C708
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Eval_FromThread$Arg_AuditCharErrorFormatFreeLastLibraryLoadLong_Mem_ParseRestoreSaveStringSys_TupleUnicode_VoidWideWindows
                                                                      • String ID: Could not find module '%.500S' (or one of its dependencies). Try using the full path with constructor syntax.$U|i:LoadLibrary$ctypes.dlopen
                                                                      • API String ID: 3805577924-808210370
                                                                      • Opcode ID: 61b97e2080e1575036e8db3e386e770c9d4ff7a739dae7a2ec87c0f366db14f3
                                                                      • Instruction ID: 0ab00e45b547a8ca7096af431078ed2fb5b816e62bd2bf2d46f45e6ac61e926f
                                                                      • Opcode Fuzzy Hash: 61b97e2080e1575036e8db3e386e770c9d4ff7a739dae7a2ec87c0f366db14f3
                                                                      • Instruction Fuzzy Hash: FA214F29B09F8385FA548BA3E9441B86361AF88FB5F1440F3C91E43671DE7CE868C340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Dealloc$StringUnraisableWrite$AttrBlockClearFromImportImport_InternLongLong_ModuleObject_OccurredUnicode_
                                                                      • String ID: DllCanUnloadNow$_ctypes.DllCanUnloadNow$ctypes
                                                                      • API String ID: 3204538840-4136862661
                                                                      • Opcode ID: c69be80eaffc077f9aa2a5099eb5e0a0dfb7b6076903f9c71ed35b93cb0aaa60
                                                                      • Instruction ID: 3882c7cbf736ae0c7de62283cea2db4715491b308efc58711078404d0d4b64ef
                                                                      • Opcode Fuzzy Hash: c69be80eaffc077f9aa2a5099eb5e0a0dfb7b6076903f9c71ed35b93cb0aaa60
                                                                      • Instruction Fuzzy Hash: 08210C25F0AF8281FA449B97A99433823A1AF89FB5F4444F7C91E47770DF3CA8648304
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931318322.00007FFE1A4F1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE1A4F0000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931299237.00007FFE1A4F0000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000004.00000002.1931336154.00007FFE1A4F6000.00000002.00000001.01000000.00000007.sdmp
                                                                      • Associated: 00000004.00000002.1931354877.00007FFE1A4F9000.00000002.00000001.01000000.00000007.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a4f0000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_fastfail__scrt_release_startup_lock$__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_uninitialize_crt
                                                                      • String ID:
                                                                      • API String ID: 627783611-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$FreeTable$Err_FromList_Windows$AppendBuildConvertInterfaceLuidNameSizeTable2Value_memcpy
                                                                      • String ID:
                                                                      • API String ID: 1684791173-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CheckDeallocErr_FormatFunctionResultState_Threadmemset
                                                                      • String ID: argument %zd: $too many arguments (%zi), maximum is %i
                                                                      • API String ID: 593911088-4072972272
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_ParseSizeTuple_$Ioctl$Err_FormatFromLongLong_Unsigned
                                                                      • String ID: invalid ioctl command %lu$k(kkk):ioctl$kI:ioctl$kO:ioctl
                                                                      • API String ID: 1148432870-4238462244
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF7A6A2676C
                                                                        • Part of subcall function 00007FF7A6A21CA0: GetLastError.KERNEL32(?,?,00000000,00007FF7A6A264D3,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A21CC7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharErrorLastMultiWide
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                                                                      • API String ID: 203985260-1562484376
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 2943138195-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: SizeTuple_$Arg_Parse$AuditBuffer_Err_FormatFromLong_ReleaseSsize_tSys_
                                                                      • String ID: sendto$sendto() takes 2 or 3 arguments (%zd given)$socket.sendto$y*O:sendto$y*iO:sendto
                                                                      • API String ID: 257515180-2448770124
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Object_$DeallocErr_$AttrCallClearEnterInstanceLookupRecursiveStringUnicode_
                                                                      • String ID: abstract class$while processing _as_parameter_$wrong type
                                                                      • API String ID: 4078837572-1173273510
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: String$Err_Eval_Thread$Arg_AuditFromParseRestoreSaveSizeSys_Tuple_Unicode_getservbyporthtons
                                                                      • String ID: getservbyport: port must be 0-65535.$i|s:getservbyport$port/proto not found$socket.getservbyport
                                                                      • API String ID: 3420281234-2618607128
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$nullptr
                                                                      • API String ID: 2943138195-2309034085
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocErr_FormatLongLong_MaskTuple_Unsigned
                                                                      • String ID: %s 'out' parameter must be passed as default value$NULL stgdict unexpected$call takes exactly %d arguments (%zd given)$paramflag %u not yet implemented
                                                                      • API String ID: 3146797323-2588965191
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                      • API String ID: 0-666925554
                                                                      APIs
                                                                      • PySequence_Size.PYTHON310(?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46CDBC
                                                                        • Part of subcall function 00007FFE1A46C444: _PyObject_GC_NewVar.PYTHON310(?,?,?,00007FFE1A46CDCD,?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46C45B
                                                                        • Part of subcall function 00007FFE1A46C444: memset.VCRUNTIME140(?,?,?,00007FFE1A46CDCD,?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46C4A8
                                                                        • Part of subcall function 00007FFE1A46C444: PyObject_GC_Track.PYTHON310(?,?,?,00007FFE1A46CDCD,?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46C4B0
                                                                      • PyErr_NoMemory.PYTHON310(?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46CE0D
                                                                      • _Py_Dealloc.PYTHON310 ref: 00007FFE1A46CF4E
                                                                        • Part of subcall function 00007FFE1A46F634: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1A46CDEA,?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46F649
                                                                        • Part of subcall function 00007FFE1A46F634: VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFE1A46CDEA,?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46F687
                                                                      • PySequence_GetItem.PYTHON310(?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46CE2C
                                                                      • _Py_Dealloc.PYTHON310(?,?,?,?,?,00007FFE1A468A7A), ref: 00007FFE1A46CE52
                                                                      • ffi_prep_cif.LIBFFI-7 ref: 00007FFE1A46CED0
                                                                      • PyErr_Format.PYTHON310 ref: 00007FFE1A46CEEE
                                                                      • ffi_prep_closure.LIBFFI-7 ref: 00007FFE1A46CF08
                                                                      • PyErr_SetString.PYTHON310 ref: 00007FFE1A46CF3F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$DeallocObject_Sequence_$AllocFormatInfoItemMemorySizeStringSystemTrackVirtualffi_prep_cifffi_prep_closurememset
                                                                      • String ID: ffi_prep_cif failed with %d$ffi_prep_closure failed with %d$invalid result type for callback function
                                                                      • API String ID: 3808842850-3338905684
                                                                      • Opcode ID: d8e3f6cbfc350c5519043e3b71507dad68227d90f64a7c08169e85b5ac48ff09
                                                                      • Instruction ID: 9901c91d8a79214c4f2508f5692ae2378b4968377096cf47ff33aa39e3579510
                                                                      • Opcode Fuzzy Hash: d8e3f6cbfc350c5519043e3b71507dad68227d90f64a7c08169e85b5ac48ff09
                                                                      • Instruction Fuzzy Hash: B8512366B09F8285EB549FA6E84027823B4EB88FA4F4400F7DA1D477A5DF3CE865C344
                                                                      APIs
                                                                      • _PyDict_GetItemIdWithError.PYTHON310 ref: 00007FFE1A46BA18
                                                                      • PyErr_Occurred.PYTHON310 ref: 00007FFE1A46BA2B
                                                                        • Part of subcall function 00007FFE1A46B99C: PySequence_GetItem.PYTHON310 ref: 00007FFE1A46BA70
                                                                        • Part of subcall function 00007FFE1A46B99C: PySequence_GetItem.PYTHON310 ref: 00007FFE1A46BA87
                                                                        • Part of subcall function 00007FFE1A46B99C: PyDict_Contains.PYTHON310 ref: 00007FFE1A46BAAF
                                                                        • Part of subcall function 00007FFE1A46B99C: PyObject_SetAttr.PYTHON310 ref: 00007FFE1A46BAC4
                                                                        • Part of subcall function 00007FFE1A46B99C: _Py_Dealloc.PYTHON310 ref: 00007FFE1A46BAD5
                                                                        • Part of subcall function 00007FFE1A46B99C: _Py_Dealloc.PYTHON310 ref: 00007FFE1A46BAE4
                                                                        • Part of subcall function 00007FFE1A46B99C: PyErr_Format.PYTHON310 ref: 00007FFE1A46BB1F
                                                                        • Part of subcall function 00007FFE1A46B99C: _Py_Dealloc.PYTHON310 ref: 00007FFE1A46BB2E
                                                                        • Part of subcall function 00007FFE1A46B99C: _Py_Dealloc.PYTHON310 ref: 00007FFE1A46BB48
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Item$Dict_Err_Sequence_$AttrContainsErrorFormatObject_OccurredWith
                                                                      • String ID: duplicate values for field %R
                                                                      • API String ID: 1919794741-1910533534
                                                                      • Opcode ID: 1f28aaa85995f17456a01f11fdbdcb3b4ad8aa154ef6c8b5d8f60ad9af219b98
                                                                      • Instruction ID: d5fb1bce49827689b7cbe2c19ef776ec0aa48c1e5075ee9800c57363840aba5a
                                                                      • Opcode Fuzzy Hash: 1f28aaa85995f17456a01f11fdbdcb3b4ad8aa154ef6c8b5d8f60ad9af219b98
                                                                      • Instruction Fuzzy Hash: DA516026B4AF8280EE548B57A95417963B0BF84FB5F0441F6CE2D077B8EE3CE4668300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Free$String$Eval_Thread$BuildDeallocErr_ErrorFromInfoLocalObjectProgRestoreSaveValue
                                                                      • String ID: iu(uuuiu)
                                                                      • API String ID: 2817777535-1877708109
                                                                      • Opcode ID: 6ef92945c0551eb38fb7e270d01f8ca22ef986be256d470cbd87097c52c77c6e
                                                                      • Instruction ID: c58eabb073bcff9ad886dda48da22bb44a953671655174d1eb442386e3e55add
                                                                      • Opcode Fuzzy Hash: 6ef92945c0551eb38fb7e270d01f8ca22ef986be256d470cbd87097c52c77c6e
                                                                      • Instruction Fuzzy Hash: BA51D766B05E469AEB009FA6D4543BC2370FB88FA9F0045B6DE0E57B68DF78D558C340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$CheckIndex_Number_OccurredSsize_tString
                                                                      • String ID: Array does not support item deletion$Can only assign sequence of same size$indices must be integer
                                                                      • API String ID: 428023279-3643249925
                                                                      • Opcode ID: dc9d55ac436a7ce3561f59cc0ad5b21a15d6b52e613841fcb95fb9a0ed283f56
                                                                      • Instruction ID: a0d2dd7699b0da9a16f839e075bdd195c37334dea49d2f2aa44412b9c9becc2f
                                                                      • Opcode Fuzzy Hash: dc9d55ac436a7ce3561f59cc0ad5b21a15d6b52e613841fcb95fb9a0ed283f56
                                                                      • Instruction Fuzzy Hash: 9D415D6AB09E8281EF548FA399401F82361BF84FF8B5445F3DD2D876A6DE7CE4658300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$AttrObject_$FastLookupSequence_
                                                                      • String ID: '%U' is specified in _anonymous_ but not in _fields_$_anonymous_ must be a sequence
                                                                      • API String ID: 1391743325-2678605723
                                                                      • Opcode ID: b72f566a955980f42473b746e98ce0b6bbdb09a4c60f3c6a994d580ad2ddf5d9
                                                                      • Instruction ID: 4b113eb5802d117775f54d4929cec84ba77352e2367fd14f141731f12d760f0a
                                                                      • Opcode Fuzzy Hash: b72f566a955980f42473b746e98ce0b6bbdb09a4c60f3c6a994d580ad2ddf5d9
                                                                      • Instruction Fuzzy Hash: AB413B66B09E4285EA558BA7EA501782370BB85FB1F1440F3DA2E476B5DE2CE8658300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Dict_ErrorItemOccurredWith$AttrLookupObject_$Callable_CheckLongLong_MaskSequence_StringTupleTuple_Unsigned
                                                                      • String ID: _restype_ must be a type, a callable, or None$class must define _flags_ which must be an integer
                                                                      • API String ID: 3087875697-2538317290
                                                                      • Opcode ID: 46639bf4354ebeaf9391365fae254b5af4059588604eab41b7a9a4558778948f
                                                                      • Instruction ID: 801e4e6bcfd6cc26b4a0ba3335ead7188534363e8d38c2209253040ecb173bf0
                                                                      • Opcode Fuzzy Hash: 46639bf4354ebeaf9391365fae254b5af4059588604eab41b7a9a4558778948f
                                                                      • Instruction Fuzzy Hash: 0641DB25B0AF8291EB998B66A94427863B0FF88F64F1455F6DA5D472B1DF3CE4B4C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                      • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                      • API String ID: 4998090-2855260032
                                                                      • Opcode ID: 9d0145b2161ee4ada670e6f9cedd1e2a7be125638fdd2f7f0d43613360acd780
                                                                      • Instruction ID: 9a4f90df1d50e7e5310f36a24424b25d59c3c1ee92c7e95d1212143f08a48857
                                                                      • Opcode Fuzzy Hash: 9d0145b2161ee4ada670e6f9cedd1e2a7be125638fdd2f7f0d43613360acd780
                                                                      • Instruction Fuzzy Hash: 6941863161AA4286E750AF21EC44AABE362FF84F94F851231EA5E466F9EF3CD444C750
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: BuildSizeValue_
                                                                      • String ID: OiII$Unknown Bluetooth protocol$iy#
                                                                      • API String ID: 1740464280-1931379703
                                                                      • Opcode ID: 353835afa98221497c9edfe29ee986e68db53b7b411e73699d2c6bb7bc9f5b13
                                                                      • Instruction ID: 51e3edfc276851d91d238e4167f4677fc5873fb2adc650455a402a5d757f2e16
                                                                      • Opcode Fuzzy Hash: 353835afa98221497c9edfe29ee986e68db53b7b411e73699d2c6bb7bc9f5b13
                                                                      • Instruction Fuzzy Hash: C4314021A09E5289EA248B17E594039E3B0EF64FB0B44C5B5DA6D67BB4EF3CE455C308
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Err_$AttrFormatLookupObject_OccurredSequence_StringTupleTuple_
                                                                      • String ID: _argtypes_ must be a sequence of types$item %zd in _argtypes_ has no from_param method
                                                                      • API String ID: 846282434-3063448601
                                                                      • Opcode ID: 724002600cbe678d67675c26a4b9d01a3a581ac24ce5a4d003aa2ea4fd4e8d68
                                                                      • Instruction ID: e77719614db9f91734030280d9ca4fc40bffc40972f4021d235afe28f403fffe
                                                                      • Opcode Fuzzy Hash: 724002600cbe678d67675c26a4b9d01a3a581ac24ce5a4d003aa2ea4fd4e8d68
                                                                      • Instruction Fuzzy Hash: 2D312C36B0AE8281EA188FA7E94407963B0FB85FB4F0440F3C91E47674DE7DE5659300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$FormatMem_$Arg_CallocMemoryParseReallocStringTuplememcpy
                                                                      • String ID: Memory cannot be resized because this object doesn't own it$On:resize$excepted ctypes instance$minimum size is %zd
                                                                      • API String ID: 2473355626-828838525
                                                                      • Opcode ID: f9aa9f32a89cb61ee1bf144a1939b834fa7b6946bf1154725cfecb0d0dff8972
                                                                      • Instruction ID: 337c57de1948e70c734b7d9198e43b74b7c1939fd3d261d8f5b7658f5874cd54
                                                                      • Opcode Fuzzy Hash: f9aa9f32a89cb61ee1bf144a1939b834fa7b6946bf1154725cfecb0d0dff8972
                                                                      • Instruction Fuzzy Hash: 9A31D665B09E8681EA588B97E89017923B0FB89FA4F1014F3DA5E47774DF3DE4A88740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Frame$BlockEstablisherHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 3436797354-393685449
                                                                      • Opcode ID: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
                                                                      • Instruction ID: dca6730d4a6efa993b9b6468a2a01a48de88fdd96f830897df1b38a13bf1b9c4
                                                                      • Opcode Fuzzy Hash: d5e0e3ab29c15918133307a59fdea49d8ed4f7431b693d67295d57de9f2acebd
                                                                      • Instruction Fuzzy Hash: C6D17072B0CB4186EB209F66D5402BE7BA4FB56BA8F1401B6DE4D57B66CF38E494C700
                                                                      APIs
                                                                        • Part of subcall function 00007FFE1A4642D0: PyType_IsSubtype.PYTHON310 ref: 00007FFE1A4642DD
                                                                      • PyErr_SetString.PYTHON310(?,?,?,?,00007FFE1A4693F5,?), ref: 00007FFE1A46AA2D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_StringSubtypeType_
                                                                      • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance$not a ctype instance
                                                                      • API String ID: 468607378-2159251832
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_Err_ParseSizeTuple_$FormatString
                                                                      • String ID: abstract class$is|Oz#$i|OO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes
                                                                      • API String ID: 2189051491-1121734848
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_AuditErr_FreeMem_ParseSizeStringSys_Tuple_
                                                                      • String ID: et:gethostbyaddr$idna$socket.gethostbyaddr$unsupported address family
                                                                      • API String ID: 1738687268-1751716127
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Buffer_Release$Size$Arg_BuildDeallocErr_Keywords_ParseStringTupleValue_
                                                                      • String ID: nbytes is greater than the length of the buffer$negative buffersize in recvfrom_into$w*|ni:recvfrom_into
                                                                      • API String ID: 252658603-4033050226
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Arg_AuditErr_FromLongLong_ParseRestoreSaveSizeStringSys_Tuple_getservbynamehtons
                                                                      • String ID: service/proto not found$socket.getservbyname$s|s:getservbyname
                                                                      • API String ID: 1135235387-1257235949
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Bytes_FromSizegetsockopt$Arg_DeallocLongLong_ParseResizeStringTuple_
                                                                      • String ID: getsockopt buflen out of range$ii|i:getsockopt
                                                                      • API String ID: 3532181676-2750947780
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Arg_AttrDict_Err_FormatObject_ParseSizeStringTuple_Updatememcpy
                                                                      • String ID: %.200s.__dict__ must be a dictionary, not %.200s$O!s#$__dict__
                                                                      • API String ID: 111561578-4068157617
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Buffer_Release$Arg_Err_FromKeywords_Long_ParseSizeSsize_tStringTuple
                                                                      • String ID: buffer too small for requested bytes$negative buffersize in recv_into$w*|ni:recv_into
                                                                      • API String ID: 1544103690-1758107600
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 349153199-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931114121.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931096853.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931157295.00007FFE1A455000.00000004.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931176809.00007FFE1A456000.00000002.00000001.01000000.00000009.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a450000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 349153199-0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                      • API String ID: 0-3207858774
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CallObjectObject_
                                                                      • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance
                                                                      • API String ID: 3040866976-3177377183
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Unicode_$ConcatDict_FromInternStringTuple_Update
                                                                      • String ID: _be
                                                                      • API String ID: 1858819020-4071763053
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+$Name::operator+=
                                                                      • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                      • API String ID: 179159573-1464470183
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Buffer_Err_Release$Arg_CheckClockMonotonicParseSignalsSizeStringTime_Tuple_
                                                                      • String ID: timed out$y*|i:sendall
                                                                      • API String ID: 3554838567-3431350491
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Bytes_DeallocSizeStringTuple_$Arg_Err_FromPackParseResize
                                                                      • String ID: negative buffersize in recvfrom$n|i:recvfrom
                                                                      • API String ID: 3092067012-1867657612
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocObject_$Arg_AttrCallFromMethodParseTupleUnicode_Vectorcall
                                                                      • String ID: OO!
                                                                      • API String ID: 3012979734-3205451899
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: String$Free$Err_Mem_$AllocCharFormatUnicode_Wide
                                                                      • String ID: String too long for BSTR$unicode string expected instead of %s instance
                                                                      • API String ID: 920172908-178309214
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$DeallocString$Formatmemcpy
                                                                      • String ID: byte string too long$bytes expected instead of %s instance$can't delete attribute
                                                                      • API String ID: 1948958528-1866040848
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Arg_AuditFreeMem_ParseRestoreSaveSizeSys_Tuple_gethostbyname
                                                                      • String ID: et:gethostbyname_ex$idna$socket.gethostbyname
                                                                      • API String ID: 646687969-574663143
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Arg_ErrnoFromParseSizeStringTuple_inet_pton
                                                                      • String ID: illegal IP address string passed to inet_pton$is:inet_pton$unknown address family
                                                                      • API String ID: 907464-903159468
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Eval_RestoreThread$ExceptionFetchMatchesResourceSaveUnraisableWarningWriteclosesocket
                                                                      • String ID: unclosed %R
                                                                      • API String ID: 1289403202-2306019038
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 2943138195-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dict_Item$CallCheckDeallocErrorFunctionMakeObject_ResultState_ThreadTuple_UpdateWith
                                                                      • String ID:
                                                                      • API String ID: 2684862677-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Long$Err_FromLong_Socketclosesocket$CurrentDuplicateHandleInformationOccurredProcessWindows
                                                                      • String ID:
                                                                      • API String ID: 3394293678-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      • API String ID: 211107550-393685449
                                                                      APIs
                                                                      • PyThreadState_Get.PYTHON310(?,?,00000000,00000000,00000000,00000001,?,00000000,00007FFE1A467CE3), ref: 00007FFE1A463601
                                                                      • _PyObject_MakeTpCall.PYTHON310(?,?,00000000,00000000,00000000,00000001,?,00000000,00007FFE1A467CE3), ref: 00007FFE1A463647
                                                                      • PyType_IsSubtype.PYTHON310(?,?,00000000,00000000,00000000,00000001,?,00000000,00007FFE1A467CE3), ref: 00007FFE1A4636D4
                                                                      • _Py_CheckFunctionResult.PYTHON310(?,?,00000000,00000000,00000000,00000001,?,00000000,00007FFE1A467CE3), ref: 00007FFE1A468164
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CallCheckFunctionMakeObject_ResultState_SubtypeThreadType_
                                                                      • String ID: has no _stginfo_
                                                                      • API String ID: 4250817624-2912685656
                                                                      • Opcode ID: e2aa2a9eeefd8cbb5df4c8954d2b4accec3eb59db5c4a84c875298857b9f2ca5
                                                                      • Instruction ID: 738803042bdeb89920373fc6883559b5dcc3c021e7ddd74367d94dd264e52f4d
                                                                      • Opcode Fuzzy Hash: e2aa2a9eeefd8cbb5df4c8954d2b4accec3eb59db5c4a84c875298857b9f2ca5
                                                                      • Instruction Fuzzy Hash: 73C13AB2B09F8685EA658F66E4503B923B4FB84FA4F5484B6CA5E43760DF3CE465C340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc
                                                                      • String ID: P$wrong type
                                                                      • API String ID: 3617616757-281217272
                                                                      • Opcode ID: 8823a595e9dd6be5fb0eadc091558ae72853152819677045c15890fb8a65f521
                                                                      • Instruction ID: e4a9c47aca9423fe8d6fd859e367181e72a556951a3dc5495730db386faf8bc5
                                                                      • Opcode Fuzzy Hash: 8823a595e9dd6be5fb0eadc091558ae72853152819677045c15890fb8a65f521
                                                                      • Instruction Fuzzy Hash: F4716C21B49E8281FA549B17D99017927B0AF85FA0F4840F7DA6E4B7B5EF2CE526C340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_ParseSizeTuple_$Err_Long_StringVoid$AttrAuditCallable_CheckObject_OccurredSequence_Sys_Tuple
                                                                      • String ID: argument must be callable or integer function address$cannot construct instance of this class: no argtypes
                                                                      • API String ID: 2570622991-2742191083
                                                                      • Opcode ID: cb456a2dd517227a38314da26b9ddb0b17341ba8ce78ccdf17b5af3eb13c7551
                                                                      • Instruction ID: 71a271df7abc36b89f064c05d756ade8db00ad00795b8241a5abceafd49950e3
                                                                      • Opcode Fuzzy Hash: cb456a2dd517227a38314da26b9ddb0b17341ba8ce78ccdf17b5af3eb13c7551
                                                                      • Instruction Fuzzy Hash: C65149A5B09E8280FE558B53955427923B1EF99FE4F5880F3DE2E477B6DE2CE4618300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Object_$DeallocInstance
                                                                      • String ID: wrong type$z
                                                                      • API String ID: 4187442863-754830697
                                                                      • Opcode ID: df74c8d1136489613b0192a1189ba5809b3c5eae14013524b4ddb1f58e2519ce
                                                                      • Instruction ID: dd382f3be1f9bf01814fb4c5dfd151ed9d4462f4ecc903bb5955d9359e8e5574
                                                                      • Opcode Fuzzy Hash: df74c8d1136489613b0192a1189ba5809b3c5eae14013524b4ddb1f58e2519ce
                                                                      • Instruction Fuzzy Hash: E2513D25B0AE4290EA549B53E55427963B1AF88FB4F4454F3D92E877B1EF3CE865C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                      • API String ID: 2943138195-2239912363
                                                                      • Opcode ID: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
                                                                      • Instruction ID: 646410e229d86a5f4c1a7d0918e18fba25a94a735e4f2329ef9c37d88ed60513
                                                                      • Opcode Fuzzy Hash: e2dcc5ac231621b7bb9adceaede0f9dd180f9bba2b8fff5e7c5622460418e45f
                                                                      • Instruction Fuzzy Hash: C6513762F1CF4698FB118F62D9812BC77B1BB1AB64F4540B6CA4D13AA5DF7CA144C710
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CallDeallocFromFunctionLongLong_Object_SubtypeTraceback_Type_
                                                                      • String ID: GetResult$_ctypes/callproc.c
                                                                      • API String ID: 2023917323-4166898048
                                                                      • Opcode ID: f0126655cc8950be5b0f54082c3a5b1f531c06bdf583755ccad60bc5d080f089
                                                                      • Instruction ID: 6de17905b97d70dd8f605c4361e955d45a66315ba0bb388c346feeaa30f9beac
                                                                      • Opcode Fuzzy Hash: f0126655cc8950be5b0f54082c3a5b1f531c06bdf583755ccad60bc5d080f089
                                                                      • Instruction Fuzzy Hash: 61416A21F0AE8392FA54DB57A55027823B1AF54FA4F0844F3DA2E076B5EF3CE8648310
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931114121.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931096853.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931157295.00007FFE1A455000.00000004.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931176809.00007FFE1A456000.00000002.00000001.01000000.00000009.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a450000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$DescriptorErr_FastFileObject_Sequence_String
                                                                      • String ID: arguments 1-3 must be sequences$too many file descriptors in select()
                                                                      • API String ID: 3320488554-3996108163
                                                                      • Opcode ID: 17131bbc44f4b79e33089852271c129195f90b2412741ebf9987faf35f5f1577
                                                                      • Instruction ID: 5ffaf841d5c1e87b8c3f1b3427ddb903519a64a5501713bda901b8cfc85865db
                                                                      • Opcode Fuzzy Hash: 17131bbc44f4b79e33089852271c129195f90b2412741ebf9987faf35f5f1577
                                                                      • Instruction Fuzzy Hash: 6A314DB2B08F0191EA15AF26D55813873A4FB54FB0F1546B7EA6A077A4DF38E461C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$CheckErr_Eval_SignalsThread$RestoreSaveconnect
                                                                      • String ID: 3'
                                                                      • API String ID: 1012362816-280543908
                                                                      • Opcode ID: 964b97621a2cf32c01eaca2eb4653114b01f3005116b6938c1732ed7ac4cd067
                                                                      • Instruction ID: 329c423b4c340dfa697297d6231bdb9448328c10e7200824b0eaa46faa8e3881
                                                                      • Opcode Fuzzy Hash: 964b97621a2cf32c01eaca2eb4653114b01f3005116b6938c1732ed7ac4cd067
                                                                      • Instruction Fuzzy Hash: 34312F21B0CF428AEB544F63A844179A690EF64FB4F04C175EE6EA6BB5DF3CE4448648
                                                                      APIs
                                                                      • PyObject_IsInstance.PYTHON310(?,?,00000000,00007FFE1A468CF8), ref: 00007FFE1A469CE7
                                                                      • PyObject_IsInstance.PYTHON310(?,?,00000000,00007FFE1A468CF8), ref: 00007FFE1A469D2F
                                                                      • PyErr_Format.PYTHON310(?,?,00000000,00007FFE1A468CF8), ref: 00007FFE1A469DC1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: InstanceObject_$Err_Format
                                                                      • String ID: ???$expected %s instance instead of %s$expected %s instance instead of pointer to %s
                                                                      • API String ID: 215623467-1082101171
                                                                      • Opcode ID: 68da8c84e4074c792c7d9b7b5f54d02a602db5bb5c3e13214e0faa670f7f064e
                                                                      • Instruction ID: cd7c8c0ae6236e5bc657956d7baeecb1f999d9d59f1167f694ff342fb44d5372
                                                                      • Opcode Fuzzy Hash: 68da8c84e4074c792c7d9b7b5f54d02a602db5bb5c3e13214e0faa670f7f064e
                                                                      • Instruction Fuzzy Hash: 0A311A69B09E82C1EA548B67E5401B867B1AF84FB4B1441F3DA2E877B5DF6CE8658300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$BuildDeallocFromLong_OccurredSsize_tStringTuple_Value
                                                                      • String ID: not a ctypes type or object$siN
                                                                      • API String ID: 1444022424-92050270
                                                                      • Opcode ID: 7ff888724c3747c091783a3f4802d67904fe1315851ab8dfd4a142182ebd7ba6
                                                                      • Instruction ID: caacfea605e0de7aa2c2a160b50e68165d7039adcf07f52f4ea736b2f9ab7cf5
                                                                      • Opcode Fuzzy Hash: 7ff888724c3747c091783a3f4802d67904fe1315851ab8dfd4a142182ebd7ba6
                                                                      • Instruction Fuzzy Hash: CE214F25B09E82C1EB548B67E59427923B0EF84FA4F0840F6D96E47774EF2CE8A58340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Time_$Err_FromSecondsString$MillisecondsObjectTimeval
                                                                      • String ID: Timeout value out of range$timeout doesn't fit into C timeval
                                                                      • API String ID: 4240314503-2798848688
                                                                      • Opcode ID: a023ee759d177d607bd5d82baea4b249498da50cb2a056a62a12f0392eaa6726
                                                                      • Instruction ID: c322feb6ffea536607b73ef2cf71b759679c711f2e41e35935f644e3669931fd
                                                                      • Opcode Fuzzy Hash: a023ee759d177d607bd5d82baea4b249498da50cb2a056a62a12f0392eaa6726
                                                                      • Instruction Fuzzy Hash: 9D111D32B08E4286FA118B27E840528A761FFA4FB5F049271DA7D5B7B4DF2CE489C304
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Buffer_Err_ReleaseString$BufferObject_memcpy
                                                                      • String ID: byte string too long$cannot delete attribute
                                                                      • API String ID: 1128862751-688604938
                                                                      • Opcode ID: 0f4bfa81cb26e5f3b47337bb7a1b1217ef9327f228de4a6500615601cdb19820
                                                                      • Instruction ID: 7768be190d6ca6f9237ab0d09a452c8b4a6b9594607796f379099f9570a4efa8
                                                                      • Opcode Fuzzy Hash: 0f4bfa81cb26e5f3b47337bb7a1b1217ef9327f228de4a6500615601cdb19820
                                                                      • Instruction Fuzzy Hash: 01015269B18E8281EB548B66D8504B92371FFC8FB4B5001F3D96D875B5DF6CD5688700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_getprotobyname
                                                                      • String ID: protocol not found$s:getprotobyname
                                                                      • API String ID: 862796068-630402058
                                                                      • Opcode ID: 5481b61eda44c347f332d8b0963d03cdd85e01febd83b0ca680fb30b9bcf8349
                                                                      • Instruction ID: a90ed3df3facc89583cb6fc227c798922eff96528b898efe2073584b34d53cbe
                                                                      • Opcode Fuzzy Hash: 5481b61eda44c347f332d8b0963d03cdd85e01febd83b0ca680fb30b9bcf8349
                                                                      • Instruction Fuzzy Hash: 25014465A18E4389EA048B13E884039A7B0FF68FF5B4491B1D96E67B34DF3CE0588708
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: SizeString$Arg_Bytes_Err_FromParseTuple_inet_addrstrcmp
                                                                      • String ID: 255.255.255.255$illegal IP address string passed to inet_aton$s:inet_aton
                                                                      • API String ID: 717551241-4110412280
                                                                      • Opcode ID: 85c87bd6c563b56b96c64826978c44c426b9c64fd5223bc180bdd616d96a1fe4
                                                                      • Instruction ID: af69331876830fc00494f136063d07b161aeb7c601fb7ef3935e18e73249c5b9
                                                                      • Opcode Fuzzy Hash: 85c87bd6c563b56b96c64826978c44c426b9c64fd5223bc180bdd616d96a1fe4
                                                                      • Instruction Fuzzy Hash: 6B014461A08E0389EA009B27EC40179A770FFA1FB4F508171D67E566B4DF3DD449C704
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Buffer_ReleaseString$Arg_Err_FromParseSizeTuple_Unicode_inet_ntoa
                                                                      • String ID: packed IP wrong length for inet_ntoa$y*:inet_ntoa
                                                                      • API String ID: 1492101624-3027498899
                                                                      • Opcode ID: a578b6b0b3d228ca99dc599ccd3b8ac44c162ad654da1d74dcaa0d9036efe889
                                                                      • Instruction ID: 4191bbf610cb8f4505d245bf11031c5a03f7b6ca7c2d0d5f17c7d5993d1b4914
                                                                      • Opcode Fuzzy Hash: a578b6b0b3d228ca99dc599ccd3b8ac44c162ad654da1d74dcaa0d9036efe889
                                                                      • Instruction Fuzzy Hash: 8A012C61A0CE478AEB119B16E844079A7A0FFA8F69B508071D66E57634CE3CE54DCB44
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 349153199-0
                                                                      • Opcode ID: 695c0c5139e9978a8d4aa59ca2ad0c9d9ae8471382ace2702bbc1bcc91a6c872
                                                                      • Instruction ID: 00110ac159ac96d09327b205da618a9d5883c3703ebcea7cf37393a1c325aa4b
                                                                      • Opcode Fuzzy Hash: 695c0c5139e9978a8d4aa59ca2ad0c9d9ae8471382ace2702bbc1bcc91a6c872
                                                                      • Instruction Fuzzy Hash: 5E81AE21F08E4386FA549BB7944127962B0AF85FB1F1440F7D92C837B6DE3CE8658782
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Mem_$FreeMalloc$memcpy$Err_Memory
                                                                      • String ID:
                                                                      • API String ID: 3409580572-0
                                                                      • Opcode ID: 2d51fdbd9facb0d8b5915381ff0e0b6207c6e6c46aa95778c3d7b48436f5c971
                                                                      • Instruction ID: e1b702b2dc17b115b206d0c6157525a4ef24027b328b6051517107f8f4365989
                                                                      • Opcode Fuzzy Hash: 2d51fdbd9facb0d8b5915381ff0e0b6207c6e6c46aa95778c3d7b48436f5c971
                                                                      • Instruction Fuzzy Hash: 10510F12B19FC592EB598F2595403B86360FB59F64F0492B6CFAD072A6DF38A1B58310
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$ErrorFromLastLongclosesocket$CheckHandleInformationLong_SignalsStringWindowsmemset
                                                                      • String ID:
                                                                      • API String ID: 205095079-0
                                                                      • Opcode ID: 43e2987a347d55eb668104df084fc3c93700d5182306fe8b0ba7e01045d3a364
                                                                      • Instruction ID: 2ae78f8a5d548d275cfa91bd0ffa69f8f1ce81f9b5fb8f46df3460d4793fcb64
                                                                      • Opcode Fuzzy Hash: 43e2987a347d55eb668104df084fc3c93700d5182306fe8b0ba7e01045d3a364
                                                                      • Instruction Fuzzy Hash: 74414A36A0CF8685EA649B13E4403BAE3A0FF99FA4F448075DA5D67B65DF3CD0458704
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                      • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                      • API String ID: 1852475696-928371585
                                                                      • Opcode ID: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
                                                                      • Instruction ID: bd1cd6ad80056afa06b0d0298426ab08cdc4f2d848016eed9c963a81c2fa56bd
                                                                      • Opcode Fuzzy Hash: 7f6c35cefbfcfc98e88ebc0aa35afe6c2c6ede9eabcdb344d1914a97fbaad475
                                                                      • Instruction Fuzzy Hash: FC518F62B1DE4692EE20CB26E5905BD6361FB45FA8F5084F2DA8D07A75EF7CE505C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+$Name::operator+=
                                                                      • String ID: {for
                                                                      • API String ID: 179159573-864106941
                                                                      • Opcode ID: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
                                                                      • Instruction ID: 0f5f329ec3c0fb5d48b5ab8ed631240f811006f417f0b5376236bf97a4391045
                                                                      • Opcode Fuzzy Hash: edc966f78679f2c80b6a90da374f91d2d358e76260b44eb27b7c84d8a506cb89
                                                                      • Instruction Fuzzy Hash: EA5139B2B0CE86A9E7118F26D5413FC67A1EB46B68F4480B2EA4C47BA5DF7CD654C310
                                                                      APIs
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A2642F
                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A2647F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide
                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                      • API String ID: 626452242-27947307
                                                                      • Opcode ID: bf4685ee628fa4f9c0bf20aff60ff83333daa86c88ecf486454ea334ff95322c
                                                                      • Instruction ID: 18fa7283f09f22a400db301dbfa04fe16602ec9617d6a6d692ab8cd915f182bb
                                                                      • Opcode Fuzzy Hash: bf4685ee628fa4f9c0bf20aff60ff83333daa86c88ecf486454ea334ff95322c
                                                                      • Instruction Fuzzy Hash: 0341B13260AB8282D620EF21AC5096BF6A6FB94F94F955135DE8D53BB4EF3CE011C710
                                                                      APIs
                                                                        • Part of subcall function 00007FF7A6A268F0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A2692A
                                                                        • Part of subcall function 00007FF7A6A329BC: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7A6A34C9C), ref: 00007FF7A6A32A29
                                                                        • Part of subcall function 00007FF7A6A329BC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7A6A34C9C), ref: 00007FF7A6A32A44
                                                                      • GetStartupInfoW.KERNEL32 ref: 00007FF7A6A25D87
                                                                        • Part of subcall function 00007FF7A6A34BFC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A34C10
                                                                        • Part of subcall function 00007FF7A6A32570: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7A6A325D7
                                                                      • GetCommandLineW.KERNEL32 ref: 00007FF7A6A25E0F
                                                                      • CreateProcessW.KERNEL32 ref: 00007FF7A6A25E51
                                                                      • WaitForSingleObject.KERNEL32 ref: 00007FF7A6A25E65
                                                                      • GetExitCodeProcess.KERNEL32 ref: 00007FF7A6A25E75
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                      • String ID: CreateProcessW$Error creating child process!
                                                                      • API String ID: 1742298069-3524285272
                                                                      • Opcode ID: 373b3e8cc1eb22f577014b8311e17748376db8fb731b9fc5a1d19a15b41eafec
                                                                      • Instruction ID: 51e9eb4b755bdf8853ab2b52fb8b9b310c14cf89ceaf210a004d751f8475e9e1
                                                                      • Opcode Fuzzy Hash: 373b3e8cc1eb22f577014b8311e17748376db8fb731b9fc5a1d19a15b41eafec
                                                                      • Instruction Fuzzy Hash: 7E418332A0978186D724EB64E8556ABF3A1FF94B50F814139E69E07BB6EF3CD0448B50
                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A506A6B,?,?,00000000,00007FFE1A50689C,?,?,?,?,00007FFE1A5065E5), ref: 00007FFE1A506931
                                                                      • GetLastError.KERNEL32(?,?,?,00007FFE1A506A6B,?,?,00000000,00007FFE1A50689C,?,?,?,?,00007FFE1A5065E5), ref: 00007FFE1A50693F
                                                                      • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFE1A506A6B,?,?,00000000,00007FFE1A50689C,?,?,?,?,00007FFE1A5065E5), ref: 00007FFE1A506958
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FFE1A506A6B,?,?,00000000,00007FFE1A50689C,?,?,?,?,00007FFE1A5065E5), ref: 00007FFE1A50696A
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FFE1A506A6B,?,?,00000000,00007FFE1A50689C,?,?,?,?,00007FFE1A5065E5), ref: 00007FFE1A5069B0
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FFE1A506A6B,?,?,00000000,00007FFE1A50689C,?,?,?,?,00007FFE1A5065E5), ref: 00007FFE1A5069BC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                      • String ID: api-ms-
                                                                      • API String ID: 916704608-2084034818
                                                                      • Opcode ID: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
                                                                      • Instruction ID: 88316b39a0793a53df88dc9f630f84d663b02c91de1440634da93de6e00e6cbd
                                                                      • Opcode Fuzzy Hash: 45bb9c456b18d615664943834e4003b355ea3ec7f5874fc1f64106649d67ca5c
                                                                      • Instruction Fuzzy Hash: 4A318021B1EF4291EE119B079A002B96294BF46FB0F6949F6DD1D0ABA4EF7CE144C310
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$AttrCallable_CheckErr_LookupObject_String
                                                                      • String ID: restype must be a type, a callable, or None
                                                                      • API String ID: 1528254987-4008198047
                                                                      • Opcode ID: de2527f899149651cd7c5f6f0d1348bce5802bdd662a87155ffaa7f79032b17d
                                                                      • Instruction ID: 0a58d17134b85df146717b835da2448a05bfac6a9c5f8919fab88fb199cae8fb
                                                                      • Opcode Fuzzy Hash: de2527f899149651cd7c5f6f0d1348bce5802bdd662a87155ffaa7f79032b17d
                                                                      • Instruction Fuzzy Hash: 7E313966B09E8281FE558B67A65433823B1BF54FB4F2440F2CA1E476B2DF2DE4758300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CharErr_Unicode_Wide$FormatString
                                                                      • String ID: can't delete attribute$string too long$unicode string expected instead of %s instance
                                                                      • API String ID: 530648689-1577475929
                                                                      • Opcode ID: a661871a00cbd8f2811844498c3ac99684b7d47287e61f0f82bd225205817212
                                                                      • Instruction ID: b2cdf880add419dc6f69891e87db46f4461ace3c65cb2051cef8ed3984504b51
                                                                      • Opcode Fuzzy Hash: a661871a00cbd8f2811844498c3ac99684b7d47287e61f0f82bd225205817212
                                                                      • Instruction Fuzzy Hash: 03114D65B49F8282EA50CB57E4402792371FB84FE4F9494F3D92E477B4DE2DE4668300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Long$Long_MaskUnsigned
                                                                      • String ID: _ctypes/cfield.c pymem$unicode string or integer address expected instead of %s instance
                                                                      • API String ID: 1805849926-901310697
                                                                      • Opcode ID: 97469b77b8f9be3a31c8a82b615cdb33605f736ae25a11cbfe468a8087faf290
                                                                      • Instruction ID: a950a7e57c5dd9f23bd93e84d6eab69166168aa774c007f19cdb88ab2f0b5a3d
                                                                      • Opcode Fuzzy Hash: 97469b77b8f9be3a31c8a82b615cdb33605f736ae25a11cbfe468a8087faf290
                                                                      • Instruction Fuzzy Hash: B1111AA5B0AE42C1EA648F57E84567823B0AF88FB4F5444F7C91E47374DE3CE4648300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Bytes_SizeString$Arg_DeallocErr_FromParseResizeTuple_
                                                                      • String ID: negative buffersize in recv$n|i:recv
                                                                      • API String ID: 1342606314-3647384195
                                                                      • Opcode ID: ae451e979028c13db66443e18ad555648066ea7401b2aee7db3c13db3b750e80
                                                                      • Instruction ID: 0a1b36d5f86a2223b67879ce58af18b2a14b725f0b31951a6936df51f80f0685
                                                                      • Opcode Fuzzy Hash: ae451e979028c13db66443e18ad555648066ea7401b2aee7db3c13db3b750e80
                                                                      • Instruction Fuzzy Hash: 94113D65A09E42C9FE108B52E40457AE760FFA4FA4F049172D95D6A7B4DF7CE048CB04
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocErr_$CharFormatStringUnicode_Wide
                                                                      • String ID: one character unicode string expected$unicode string expected instead of %s instance
                                                                      • API String ID: 3624372013-2255738861
                                                                      • Opcode ID: 4ec90ee0fcda86d720f2d3dd4eaeb338fcf97c6fe847daaeb7fbab893f61c1fd
                                                                      • Instruction ID: bb6779f0296397de73048fca760287caff79cfb03b603f7f04869123f0978e68
                                                                      • Opcode Fuzzy Hash: 4ec90ee0fcda86d720f2d3dd4eaeb338fcf97c6fe847daaeb7fbab893f61c1fd
                                                                      • Instruction Fuzzy Hash: C011076AB09E8681EB448F66E9441382370FB89FB4F5450B3D95E47675CE2CE8648700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_CharErrorFreeFromLastLocalParseTupleUnicode_Wide
                                                                      • String ID: <no description>$|i:FormatError
                                                                      • API String ID: 935104296-1632374824
                                                                      • Opcode ID: ae2a3e3d7810cbe8b5e1d388a1290b2cf62895a8f4eec3b0704cd899090d099a
                                                                      • Instruction ID: ac748328c454d24db397b41473f61c95eb6acdc88f0801b629c2cbaac9b85e5c
                                                                      • Opcode Fuzzy Hash: ae2a3e3d7810cbe8b5e1d388a1290b2cf62895a8f4eec3b0704cd899090d099a
                                                                      • Instruction Fuzzy Hash: 800169A5B09E86C2EA548F63B90407962B1AF88FB0B1452F2D97E433F4DF2CD4648600
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Arg_Err_FreeFromLibraryParseRestoreSaveTupleWindows
                                                                      • String ID: O&:FreeLibrary
                                                                      • API String ID: 204461231-2600264430
                                                                      • Opcode ID: e9e87786d3b7cf9423ab55f62eb958795121b2b1bd753bd212fff7caec6f0ec9
                                                                      • Instruction ID: aa466926284417cbdc1f8fde61e5bfa74c3e298ab26c8561255a73b7500bbbef
                                                                      • Opcode Fuzzy Hash: e9e87786d3b7cf9423ab55f62eb958795121b2b1bd753bd212fff7caec6f0ec9
                                                                      • Instruction Fuzzy Hash: 0101DB25B09E8792EB509BA3A8444792370EFC4FB5B5450F2DA9E47674DE2CE4A98300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_DeallocErr_ParseSizeStringTuple_if_nametoindex
                                                                      • String ID: O&:if_nametoindex$no interface with this name
                                                                      • API String ID: 3052430728-3835682882
                                                                      • Opcode ID: e026dcb563e0df01f72e14d6a0c3fe94de4010cd6d94e3fa4825030877b9dc2b
                                                                      • Instruction ID: d9b987b70868e10fce89d346ebd71f2c5c79d2f7b1230a9de3110fc496256d7c
                                                                      • Opcode Fuzzy Hash: e026dcb563e0df01f72e14d6a0c3fe94de4010cd6d94e3fa4825030877b9dc2b
                                                                      • Instruction Fuzzy Hash: 8E014864A08E0399EB118F63E894579A760FFA8F74F108471D56E56734DF3CE4888708
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: String$Size$AttrBuildBytes_Err_FromObject_Value_
                                                                      • String ID: O(O(NN))$__dict__$ctypes objects containing pointers cannot be pickled
                                                                      • API String ID: 1770468409-724424928
                                                                      • Opcode ID: 5835acb70b1cdd8657103eff01fe12a96a0d5ce8700e560981c4e7379d111307
                                                                      • Instruction ID: feb5828b841d28a0f0417f872233fc4e8eb066073c2755814a119e0844b47ccd
                                                                      • Opcode Fuzzy Hash: 5835acb70b1cdd8657103eff01fe12a96a0d5ce8700e560981c4e7379d111307
                                                                      • Instruction Fuzzy Hash: 1A01D369B09E8281EA019B97E45407963B0FB88FA8F5444F3DE5D47274DE3CE5688200
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                      • String ID: htons: Python int too large to convert to C 16-bit unsigned integer$htons: can't convert negative Python int to C 16-bit unsigned integer$i:htons
                                                                      • API String ID: 1102113319-997571130
                                                                      • Opcode ID: 59fc447ae3104a97a1f11f9be9c466e883b4386f35df6e63ead78fa640ee22eb
                                                                      • Instruction ID: 3cdef1db440c289b9a4974d234de060ded4abfe78e4a544c4aeca01f471d4257
                                                                      • Opcode Fuzzy Hash: 59fc447ae3104a97a1f11f9be9c466e883b4386f35df6e63ead78fa640ee22eb
                                                                      • Instruction Fuzzy Hash: D9F06D20E0CE0399EA058B17EC80078A3A0BF65FA5F90C0B1D96EEA570CE2CE449D308
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_Err_FromLongLong_ParseSizeStringTuple_Unsignedhtons
                                                                      • String ID: i:ntohs$ntohs: Python int too large to convert to C 16-bit unsigned integer$ntohs: can't convert negative Python int to C 16-bit unsigned integer
                                                                      • API String ID: 1102113319-2476431691
                                                                      • Opcode ID: 7f5bc0dc660033cc886ebd74c15108f7088b2d4ef95c272559391fc29ebaac56
                                                                      • Instruction ID: 20f3802495f10d9c25e33990e909b13dd9d8dc9697a99d764ca436c3651c9831
                                                                      • Opcode Fuzzy Hash: 7f5bc0dc660033cc886ebd74c15108f7088b2d4ef95c272559391fc29ebaac56
                                                                      • Instruction Fuzzy Hash: 4AF06220E08E4399EE149B13E881178A3A0FF64F66F90C4B2D56EAF570CE3CE448D308
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: abort$AdjustPointer
                                                                      • String ID:
                                                                      • API String ID: 1501936508-0
                                                                      • Opcode ID: ad7bbbe6b4c289a22ae1e43e79ef4439cf3ee9b14764b2eff01f06dd25f3f236
                                                                      • Instruction ID: 47ef0c653916a15149fcbb8f72d48e3042ded81818af20bd2d1d737d57c96d53
                                                                      • Opcode Fuzzy Hash: ad7bbbe6b4c289a22ae1e43e79ef4439cf3ee9b14764b2eff01f06dd25f3f236
                                                                      • Instruction Fuzzy Hash: BC518C61F0EF4291EA658B57964463DA395AF46FE0F0988FBDB4D067A5DF3CE4818300
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: abort$AdjustPointer
                                                                      • String ID:
                                                                      • API String ID: 1501936508-0
                                                                      • Opcode ID: d386002f74db6febb42ef9b4bac4e43e25a554ab645870d9c47f674d5a84533b
                                                                      • Instruction ID: 0313455d718bd80e0950d267e912fd77e79d09b95085191bdfffecd24d313407
                                                                      • Opcode Fuzzy Hash: d386002f74db6febb42ef9b4bac4e43e25a554ab645870d9c47f674d5a84533b
                                                                      • Instruction Fuzzy Hash: E3519C61B0EE4281EA669B13924463D6794AF66FE4F0984FBCF4E067B5DF3CE4428300
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Tuple_
                                                                      • String ID:
                                                                      • API String ID: 828192933-0
                                                                      • Opcode ID: 260dd919d04a12d52b850fc433647d962490dc81248c72f481b6248faeb48928
                                                                      • Instruction ID: 546627b18fa28d857a5473c59618b454377cd1f262c3b349251b9e257c9756ed
                                                                      • Opcode Fuzzy Hash: 260dd919d04a12d52b850fc433647d962490dc81248c72f481b6248faeb48928
                                                                      • Instruction Fuzzy Hash: 0B415036F09F4281EA659B57A94423963A0BB89FA4F1801F6DD5E53764EF3CE864C700
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocDict_$Object_$AttrCallContainsErr_ErrorItemMakeOccurredState_ThreadUpdateWith
                                                                      • String ID:
                                                                      • API String ID: 4191123644-0
                                                                      • Opcode ID: 37b25129572d56af5e209b9dd537e762dda2142b9a9600d5243f7ad24e191cb2
                                                                      • Instruction ID: 74e92b21f247474b7f63eaa6ca9fb19ed6811f57cd335413a5a5a378a6d73264
                                                                      • Opcode Fuzzy Hash: 37b25129572d56af5e209b9dd537e762dda2142b9a9600d5243f7ad24e191cb2
                                                                      • Instruction Fuzzy Hash: 1141F635B09F8281FA958B67A9442B923B0AF45FB5F4841F6C96E476B4DF2CF4A48310
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc
                                                                      • String ID:
                                                                      • API String ID: 3617616757-0
                                                                      • Opcode ID: 653c1dbf14252d20880f343312dd9d4cfc8eb31284f75e679a4cb5271b1b47cf
                                                                      • Instruction ID: 6c4a1087afa73bc4a907f5e054028f59266431aede4a09fc1d565d16ac3a42b3
                                                                      • Opcode Fuzzy Hash: 653c1dbf14252d20880f343312dd9d4cfc8eb31284f75e679a4cb5271b1b47cf
                                                                      • Instruction Fuzzy Hash: B5312F76F09D0181FF588FA2DA5437823B9AB59F7AF1444F6CA1E860A2CF2D99248300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: FileHeader_local_unwind
                                                                      • String ID: MOC$RCC$csm$csm
                                                                      • API String ID: 2627209546-1441736206
                                                                      • Opcode ID: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
                                                                      • Instruction ID: 1758713247aa8e0c1992511bf64ba4049e174c5861cfa275b553098870f1becd
                                                                      • Opcode Fuzzy Hash: 385ada566cdd30ad99b7ac5e1d5c8025a7264eea7c22efa234297d7bd0e399d8
                                                                      • Instruction Fuzzy Hash: E7517172B0DA1186EA609F36920137D76A1FF46FA8F1484F3EA4D46765DF3CE4818B01
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc
                                                                      • String ID: wrong type
                                                                      • API String ID: 3617616757-2191655096
                                                                      • Opcode ID: 5067f860cfda727525ad9a3feb9641704e88a886963064d75def82d3d3487281
                                                                      • Instruction ID: 4e65e4b91aa8bec768f847999835535483db0acd0820ec903aa4fc774d78e0a1
                                                                      • Opcode Fuzzy Hash: 5067f860cfda727525ad9a3feb9641704e88a886963064d75def82d3d3487281
                                                                      • Instruction Fuzzy Hash: 0F513B21B49E8281EA549B67E54013963B1AF84FA0F4454F3DA1E877B5EF2CE872C740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: NameName::atol
                                                                      • String ID: `template-parameter$void
                                                                      • API String ID: 2130343216-4057429177
                                                                      • Opcode ID: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
                                                                      • Instruction ID: bf8466d2648908bf942b09efa718e358e5017838c22f6437c8463cc42048686f
                                                                      • Opcode Fuzzy Hash: 2821a58495c29764098872c6b010649cccddcb6c42941e500fb92a9452cac6b1
                                                                      • Instruction Fuzzy Hash: 9B414B62F0CF5688FB009BA6D9512BD23B1BF06BA8F5400B6CE0D17A65DF7CA509C340
                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B8C5
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B8D3
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B8FD
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B943
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7A6A2BAF2,?,?,?,00007FF7A6A2B7EC,?,?,?,?,00007FF7A6A2B515), ref: 00007FF7A6A2B94F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                      • String ID: api-ms-
                                                                      • API String ID: 2559590344-2084034818
                                                                      • Opcode ID: 48b67a74d85e31ea8ec5d20d3c27ddec44294363bcc338e396e2b3cfbbcdd5fe
                                                                      • Instruction ID: 44475ae4e06f8e82f66c96dd16599941b15907c6e4f2694c4f06bde8f87c3c87
                                                                      • Opcode Fuzzy Hash: 48b67a74d85e31ea8ec5d20d3c27ddec44294363bcc338e396e2b3cfbbcdd5fe
                                                                      • Instruction Fuzzy Hash: E531C562B0BA4286EE11AB22AC00D76A295BF55FA8FDB0535DE1D17770FF3CE0508320
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                      • API String ID: 2943138195-2211150622
                                                                      • Opcode ID: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
                                                                      • Instruction ID: 5f8d66afc1fe08a68e77c32d29439026ca4c0311b82a64cb2419592df27fd6b8
                                                                      • Opcode Fuzzy Hash: 16d5b7056506ac1aa3be62c87a897449e0af35361c1a5b370ad614f7e7c3f2e7
                                                                      • Instruction Fuzzy Hash: 4C414A72B0CF4688FB028B26D9406BC3BB1BB0AB68F4441B2DA4D13768DF3CA544C750
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: char $int $long $short $unsigned
                                                                      • API String ID: 2943138195-3894466517
                                                                      • Opcode ID: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
                                                                      • Instruction ID: 95f632c85c99973083f7f265d79f434f2ee6c8e252d97f6bf4163bdef76b31a3
                                                                      • Opcode Fuzzy Hash: 1a667bf595c3f0eddcec5e75b1b20bf055c895b242c78c01af1086ecda962d52
                                                                      • Instruction Fuzzy Hash: 6F417B72B1CE5689E7118F6AE9441BC37B1BB0AB64F4482F2CB0C12BA8DF3C9544C710
                                                                      APIs
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A2692A
                                                                        • Part of subcall function 00007FF7A6A21CA0: GetLastError.KERNEL32(?,?,00000000,00007FF7A6A264D3,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A21CC7
                                                                      • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?), ref: 00007FF7A6A269B0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                      • API String ID: 1717984340-876015163
                                                                      • Opcode ID: 3aafe192094937aaaf8429a9d9dfc84865d4b16f162db952763c6ab80b752e43
                                                                      • Instruction ID: 62d7794163218d92b918af89f13480e92f08b12a6850726365a8708f8226f61b
                                                                      • Opcode Fuzzy Hash: 3aafe192094937aaaf8429a9d9dfc84865d4b16f162db952763c6ab80b752e43
                                                                      • Instruction Fuzzy Hash: 2C219325B0AA8281EB11EB29FC0046BE761EB88FD4B994531DB4C53B79FF2CE5518710
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931114121.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931096853.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931157295.00007FFE1A455000.00000004.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931176809.00007FFE1A456000.00000002.00000001.01000000.00000009.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a450000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocModule_State
                                                                      • String ID:
                                                                      • API String ID: 1903735390-0
                                                                      • Opcode ID: b70ead6c4f6d0bc33db7f7d360b1085df2f8b8156efbe9c4888d8ffe5bf90243
                                                                      • Instruction ID: 01c4509dfeef6febdf767e0db8f010a5a58cc098269e5f7028dcd691e9f247b9
                                                                      • Opcode Fuzzy Hash: b70ead6c4f6d0bc33db7f7d360b1085df2f8b8156efbe9c4888d8ffe5bf90243
                                                                      • Instruction Fuzzy Hash: BC21F8B1F09F8282EE69BF77996413922E4EF59F78F5480F2D64E46564CF2DA461C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Arg_FormatNumber_OccurredSsize_tTupleUnpack
                                                                      • String ID: byref$byref() argument must be a ctypes instance, not '%s'
                                                                      • API String ID: 169608245-1446499295
                                                                      • Opcode ID: eac2d90a113cccc6431d0733b7c65b5a8e008306fe017748408ac72bf9b28b76
                                                                      • Instruction ID: 7c8709039dfcddc20e08e7bfab6a71544eb74a305abea2393df9bba9efb7aa14
                                                                      • Opcode Fuzzy Hash: eac2d90a113cccc6431d0733b7c65b5a8e008306fe017748408ac72bf9b28b76
                                                                      • Instruction Fuzzy Hash: 93212826719E4281EB109B63D44027863A0FBC8FB4F5506B6DAAD873A0EF7CD568C300
                                                                      APIs
                                                                      • PyDict_GetItemWithError.PYTHON310(?,?,00000000,00007FFE1A4684B6), ref: 00007FFE1A46B935
                                                                      • PyErr_Occurred.PYTHON310(?,?,00000000,00007FFE1A4684B6), ref: 00007FFE1A46B944
                                                                      • PyErr_Format.PYTHON310(?,?,00000000,00007FFE1A4684B6), ref: 00007FFE1A46B975
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Dict_ErrorFormatItemOccurredWith
                                                                      • String ID: not enough arguments$required argument '%S' missing
                                                                      • API String ID: 62204369-3448764933
                                                                      • Opcode ID: cb3f55833037cd011e3ead7e68d678fb0721fd3c8a12dc37b30af6105a71656b
                                                                      • Instruction ID: 28166b0d1a68741f09798f0b444f238ec343565529f0bd16b5ed6d3605b48c17
                                                                      • Opcode Fuzzy Hash: cb3f55833037cd011e3ead7e68d678fb0721fd3c8a12dc37b30af6105a71656b
                                                                      • Instruction Fuzzy Hash: D3114C25B4AE8281EA558F57E540138A370EF84FE4F2894F2CA6D07774DF3CE4668700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CharErr_FormatUnicode_Wide
                                                                      • String ID: string too long (%zd, maximum length %zd)$unicode string expected instead of %s instance
                                                                      • API String ID: 2195588020-2061977717
                                                                      • Opcode ID: 927c769d6cf1f2c515e0b36d9d569cbb609d7734d011bda820a197404d03d8c1
                                                                      • Instruction ID: fb668144e2e930997bafbcfb8a52d690f9097f3bed3d6fd078fbefcf3329bc63
                                                                      • Opcode Fuzzy Hash: 927c769d6cf1f2c515e0b36d9d569cbb609d7734d011bda820a197404d03d8c1
                                                                      • Instruction Fuzzy Hash: 87119D64B09E8281EA508B57E84113523A0FF88FF4F2452B7EE2E43BB4DE7CE4658300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_AuditFreeMem_ParseSizeSys_Tuple_
                                                                      • String ID: et:gethostbyname$idna$socket.gethostbyname
                                                                      • API String ID: 3195760359-1353326193
                                                                      • Opcode ID: 962fe94ee7a13641432fd05f7aa2c2a2fef7170eefa66cbd92d158d0eb2e9408
                                                                      • Instruction ID: e5e2379ff603b30d5ddd1b0c513eaafed9720de791eeb5845b9875ef3b7b4167
                                                                      • Opcode Fuzzy Hash: 962fe94ee7a13641432fd05f7aa2c2a2fef7170eefa66cbd92d158d0eb2e9408
                                                                      • Instruction Fuzzy Hash: 77114261B0CE4299EA508B13E8801A5A760FF68FF4F448071D96EA7675DE3CE545CB08
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                      • String ID: expected int, %s found
                                                                      • API String ID: 3347179618-1178442907
                                                                      • Opcode ID: ac24ca51170a63c4af01985fee6e3b6bec0a86800c7888914f1b8f119ddcdbb0
                                                                      • Instruction ID: 429b49f16023933cd17c9f19056884bc6b9795d3288ef1b0270a99665ffe3f85
                                                                      • Opcode Fuzzy Hash: ac24ca51170a63c4af01985fee6e3b6bec0a86800c7888914f1b8f119ddcdbb0
                                                                      • Instruction Fuzzy Hash: 96F08121E08F028AEA159B27E844178A7A0BF68F71F148575D53E672B0CF3CE48D8308
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_LongLong_Unsigned$FormatFromOccurredhtonl
                                                                      • String ID: expected int, %s found
                                                                      • API String ID: 3347179618-1178442907
                                                                      • Opcode ID: 173264ef50ba5d6b72f28103e618304f983dc5ff254c4ebe02928e6154d066f0
                                                                      • Instruction ID: f5cef225b7bc7d79021fb5d9979b5e3e7ecbeb5cccd60c6be4cee582bbc814cf
                                                                      • Opcode Fuzzy Hash: 173264ef50ba5d6b72f28103e618304f983dc5ff254c4ebe02928e6154d066f0
                                                                      • Instruction Fuzzy Hash: A3F08122E08F429AEB149B23E844179A760BF68F75F148575C52E676B0CF3CE48D8308
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                      • String ID:
                                                                      • API String ID: 3741236498-0
                                                                      • Opcode ID: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
                                                                      • Instruction ID: 19b99fe084e5dedf67dbaabba4116567ebae6fdae817410542fc4cb14a6d8281
                                                                      • Opcode Fuzzy Hash: 6447550c70440ae48e9dc09acfbe7fa3055870e3a5d625089a78ddc05dba8847
                                                                      • Instruction Fuzzy Hash: D031A121B1DB9190EA118B27A9045BD7390BB0AFF4B6945F6DE2D037A0DE39D442C350
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocDict_$CallErr_FormatFromItemLong_MakeObject_State_SubtypeThreadType_Unicode_Voidstrchr
                                                                      • String ID:
                                                                      • API String ID: 2095050978-0
                                                                      • Opcode ID: 81b9c6c3e129479da600e75450a2198ae52805b30b8a44eb4517562420bb6b58
                                                                      • Instruction ID: d177b55af6db3c3ee5594824fc32678c6808a6366f4eec000fdffc2ce879caf7
                                                                      • Opcode Fuzzy Hash: 81b9c6c3e129479da600e75450a2198ae52805b30b8a44eb4517562420bb6b58
                                                                      • Instruction Fuzzy Hash: D9313E66F0AF4281EE549BA7A55413962B1AF48FF0F1844F2DE2D477A5DF3DE8608304
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Restore$Err_ErrorFromLastSaveWindowsioctlsocket
                                                                      • String ID:
                                                                      • API String ID: 863680558-0
                                                                      • Opcode ID: 3e82287d503ae1b492a5fd0c303be04e5a7e0774e2b505a9d8835caa94dc4d88
                                                                      • Instruction ID: 6ef9b8a2dd7a2eeb4820df58c6958f93021a62d62edd5315cc7f10f2c16b2c31
                                                                      • Opcode Fuzzy Hash: 3e82287d503ae1b492a5fd0c303be04e5a7e0774e2b505a9d8835caa94dc4d88
                                                                      • Instruction Fuzzy Hash: AA014F21B18F4286E3109B67E844029AAA0FF98FF1B508170E92E97B34DE3CD4D98714
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_LongThread$Err_ErrorLastLong_OccurredRestoreSaveclosesocket
                                                                      • String ID:
                                                                      • API String ID: 586723380-0
                                                                      • Opcode ID: dcde00a5102474fa53e95d272241988d587e48e4888c8782cd2820dde24e142e
                                                                      • Instruction ID: 9b8cf653bb0d4997b003062b4c5324d1b396cb8e05825f83f62a883aeb2e52a2
                                                                      • Opcode Fuzzy Hash: dcde00a5102474fa53e95d272241988d587e48e4888c8782cd2820dde24e142e
                                                                      • Instruction Fuzzy Hash: 5D013650E1CE024DFA4457A3A9880349790AF38FB1F0486B4C93E673F4DE3CA0C85219
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: abort$CallEncodePointerTranslator
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 2889003569-2084237596
                                                                      • Opcode ID: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
                                                                      • Instruction ID: c9e61cb6b22ed3791b5badbfb49ded022c29da103619b177bd42fdd539e53ddf
                                                                      • Opcode Fuzzy Hash: 63425386b35f735f5eb303e83bfbe55818570f32e5447e3767ff35a3eaf3afb3
                                                                      • Instruction Fuzzy Hash: A2918F73B08B858AE710CB66E9802BD7BA0F745BA8F1441AAEF8D17765DF38D195C700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                      • API String ID: 2943138195-757766384
                                                                      • Opcode ID: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
                                                                      • Instruction ID: 7609fe71f7dc39ba3e1057d383d2c99989b8fb53955a13bd763d9b456696760a
                                                                      • Opcode Fuzzy Hash: 8ec89114dc1e92fb087ff84a90b975bd849231731579a14e6ae3ff20f009c8f1
                                                                      • Instruction Fuzzy Hash: D7714CB2B0CE4684EB148F26DA951BC66A5BB06FA4F4545F7DA4D07AB9DF3CE250C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: abort$CallEncodePointerTranslator
                                                                      • String ID: MOC$RCC
                                                                      • API String ID: 2889003569-2084237596
                                                                      • Opcode ID: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
                                                                      • Instruction ID: aff6c9e4d9a80398a8a81c9936202d4054776776852a104f3382a9aff2efa0d4
                                                                      • Opcode Fuzzy Hash: bda6881e4fb6ddd96fb50e60b72b5d1eaa618bcc944dda4a5bc0b193bb5b3b27
                                                                      • Instruction Fuzzy Hash: C4616C76A09B858AE724CF66D1403BE7BA0FB45BA8F1441A6EF4D13B65CF38E145C700
                                                                      APIs
                                                                      • PyMem_Malloc.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00007FFE1A4634B6), ref: 00007FFE1A46200D
                                                                      • PyMem_Free.PYTHON310(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00007FFE1A4634B6), ref: 00007FFE1A4620FB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Mem_$FreeMalloc
                                                                      • String ID: %zd)$%zd,
                                                                      • API String ID: 3308143561-2233965340
                                                                      • Opcode ID: 5d3a544d40be431777f22e6b6d0c932b3fc66177c8cbc81da6e0854301d62791
                                                                      • Instruction ID: 92b6b078720c57726ef80c5cc41dba0aec2d75d0ca908b832d4963e9f9a918b7
                                                                      • Opcode Fuzzy Hash: 5d3a544d40be431777f22e6b6d0c932b3fc66177c8cbc81da6e0854301d62791
                                                                      • Instruction Fuzzy Hash: 9441CE66B0DBC291EB018F16A4102B9A7A1EB49FF4F8801B2DA6D473A1EF3DD456C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$CallDict_MakeMallocMem_Object_State_ThreadUpdate
                                                                      • String ID: X{}
                                                                      • API String ID: 2132986372-2140212134
                                                                      • Opcode ID: 1db0609401bfa6f24e1d6477b8911ce9166bd1435a5217ac91940b170ccae63a
                                                                      • Instruction ID: 594eb047417749a42704739bff7c911488d5196dbf748cb416950c44f1d23466
                                                                      • Opcode Fuzzy Hash: 1db0609401bfa6f24e1d6477b8911ce9166bd1435a5217ac91940b170ccae63a
                                                                      • Instruction Fuzzy Hash: 0B214F31B09F8280EA588B67E94417963A4AF45FB0F0841F6DA6E477B5DE3CE4618300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Similarity
                                                                      • API ID: Err_$FormatInstanceObject_String
                                                                      • String ID: Pointer does not support item deletion$expected %s instead of %s
                                                                      • API String ID: 341772743-2046472288
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Dealloc$Arg_FromLongLong_ParseTuple
                                                                      • String ID: OO:CopyComPointer
                                                                      • API String ID: 1908940310-822416302
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Dict_Err_NextString
                                                                      • String ID: args not a tuple?$too many initializers
                                                                      • API String ID: 1977209248-2791065560
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Arg_AuditDeallocFromLongLong_ParseSys_Tuple
                                                                      • String ID: ctypes.set_errno
                                                                      • API String ID: 928689845-1564666054
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Arg_AuditDeallocFromLongLong_ParseSys_Tuple
                                                                      • String ID: ctypes.set_last_error
                                                                      • API String ID: 928689845-913187751
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Err_FormatSubtypeType_Unicode_strchr
                                                                      • String ID: 'out' parameter %d must be a pointer type, not %s$PzZ
                                                                      • API String ID: 3500358371-2360062653
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Err_FormatSubtypeType_Unicode_strchr
                                                                      • String ID: cast() argument 2 must be a pointer type, not %s$sPzUZXO
                                                                      • API String ID: 3500358371-1038790478
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Buffer_ErrorLastRelease$Arg_CheckErr_FromLong_ParseSignalsSizeSsize_tTuple_
                                                                      • String ID: y*|i:send
                                                                      • API String ID: 3302300731-3140140677
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Dealloc$Dict_Err_ItemUnraisableWrite
                                                                      • String ID: on calling _ctypes.DictRemover
                                                                      • API String ID: 2766432985-2232269487
                                                                      APIs
                                                                      • PyObject_GetAttrString.PYTHON310(?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464EA0
                                                                      • PyDict_New.PYTHON310(?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464EB2
                                                                      • PyErr_NewException.PYTHON310(?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464ED0
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4653CE
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4653E3
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4653FB
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46541E
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465444
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46546A
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465490
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4654B6
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4654DC
                                                                        • Part of subcall function 00007FFE1A4653A8: PyType_Ready.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465502
                                                                        • Part of subcall function 00007FFE1A4653A8: PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465528
                                                                        • Part of subcall function 00007FFE1A4653A8: PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46554E
                                                                        • Part of subcall function 00007FFE1A4653A8: PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465574
                                                                        • Part of subcall function 00007FFE1A4653A8: PyModule_AddType.PYTHON310(?,?,?,00007FFE1A464EEA,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46559A
                                                                        • Part of subcall function 00007FFE1A464F18: PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464F39
                                                                        • Part of subcall function 00007FFE1A464F18: PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464F71
                                                                        • Part of subcall function 00007FFE1A464F18: PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464F97
                                                                        • Part of subcall function 00007FFE1A464F18: PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464FB6
                                                                        • Part of subcall function 00007FFE1A464F18: PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464FD9
                                                                        • Part of subcall function 00007FFE1A464F18: PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A464FF8
                                                                        • Part of subcall function 00007FFE1A464F18: PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46501E
                                                                        • Part of subcall function 00007FFE1A464F18: PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A46503D
                                                                        • Part of subcall function 00007FFE1A464F18: PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465063
                                                                        • Part of subcall function 00007FFE1A464F18: PyModule_AddObjectRef.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A465082
                                                                        • Part of subcall function 00007FFE1A464F18: PyLong_FromLong.PYTHON310(?,?,?,00007FFE1A464F04,?,?,00000000,00007FFE1A464E78), ref: 00007FFE1A4650A8
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Module_ReadyType_$Object$FromLongLong_$Type$AttrDict_Err_ExceptionObject_String
                                                                      • String ID: _unpickle$ctypes.ArgumentError
                                                                      • API String ID: 4217053054-165408235
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FormatFromUnicode_$Dealloc
                                                                      • String ID: %s(%R)$<%s object at %p>
                                                                      • API String ID: 1714529502-296555854
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_File_ObjectPrintS_vsnprintfStringSys_Write
                                                                      • String ID: stderr
                                                                      • API String ID: 1103062482-1769798200
                                                                      • Opcode ID: 2296bcd74dd1bb020ae133aad5f926a4cb22a7118644a7b9f3efaa0a3f7e32db
                                                                      • Instruction ID: b27c5ea21bd5d6664ec4d90f9361824a8ef3c299a6d078a524d560c6b2ea362a
                                                                      • Opcode Fuzzy Hash: 2296bcd74dd1bb020ae133aad5f926a4cb22a7118644a7b9f3efaa0a3f7e32db
                                                                      • Instruction Fuzzy Hash: 0F010826B19E8182EA208B52F8993B973B4FB98F60F4401B6C99D47374DF3CE169C650
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Format$memcpy
                                                                      • String ID: bytes too long (%zd, maximum length %zd)$expected bytes, %s found
                                                                      • API String ID: 437140070-1985973764
                                                                      • Opcode ID: b479e6c739023fff5eb3e21608782db4c2918b6f528dc39cec49d2076ef81d98
                                                                      • Instruction ID: 391fd20621d3f285f4f8892c829024059b73efb307b484b9bea683fe8201fbb7
                                                                      • Opcode Fuzzy Hash: b479e6c739023fff5eb3e21608782db4c2918b6f528dc39cec49d2076ef81d98
                                                                      • Instruction Fuzzy Hash: 79012165F09E8685EA508B57D8812782370EBA5F74F6052F3C56E536F1CE2CA0698300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AuditErr_StringSubtypeSys_Type_
                                                                      • String ID: (O)$ctypes.addressof$invalid type
                                                                      • API String ID: 288810468-3457326693
                                                                      • Opcode ID: 31af9faf201b5cf045f9c8d91b2f0f18951826f4bc9d5660ac394f03dd287168
                                                                      • Instruction ID: 66adae1349d39e11346e8f9c0f1942430a75e5526ce36ab1ddf69781cfdf94c7
                                                                      • Opcode Fuzzy Hash: 31af9faf201b5cf045f9c8d91b2f0f18951826f4bc9d5660ac394f03dd287168
                                                                      • Instruction Fuzzy Hash: BDF01255B09E4781FB149BA7E8910742365EF84FB4F4450F3C91D8B271EE2CE5B58340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931114121.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931096853.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931157295.00007FFE1A455000.00000004.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931176809.00007FFE1A456000.00000002.00000001.01000000.00000009.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a450000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Module_$FromInternObjectStateStringUnicode_
                                                                      • String ID: close$error
                                                                      • API String ID: 4029360594-371397155
                                                                      • Opcode ID: 2e1e793836c847dcc07dda9d65d842cb9246a3b96f2a853b4a1d3163582bc4b3
                                                                      • Instruction ID: 73bd49f3140b8faed79f56023ec27003ba3e274d3a336c4af6ee21b777724f4d
                                                                      • Opcode Fuzzy Hash: 2e1e793836c847dcc07dda9d65d842cb9246a3b96f2a853b4a1d3163582bc4b3
                                                                      • Instruction Fuzzy Hash: F5F0DAA1F08F4791EA11AB7BB9540752360AF49FA4F4441F3D91D467B0EE2CF464C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Capsule_Pointer
                                                                      • String ID: _socket.CAPI
                                                                      • API String ID: 2597503022-3774308389
                                                                      • Opcode ID: 3df3a4d0675f396c6e3e0212ca7458341213e2739777011c209b6469353341b4
                                                                      • Instruction ID: abc744863ea80c976ecb6fb02d84b422a4d5cf51ba93e23522eeb3c080985ca3
                                                                      • Opcode Fuzzy Hash: 3df3a4d0675f396c6e3e0212ca7458341213e2739777011c209b6469353341b4
                                                                      • Instruction Fuzzy Hash: 3FF01731D09D46C9E6594B6BDC5803CE360BB64F70B18C1B0CA3EAA670CE3CE489C318
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: e93266dcea166d612d818a2edff697e83dd5ae4dc9f6bd616123d7cc6ba02ee9
                                                                      • Instruction ID: 2c3d3e09389676bc68506dff892852a78868e7028192c3aedfd478136d4676be
                                                                      • Opcode Fuzzy Hash: e93266dcea166d612d818a2edff697e83dd5ae4dc9f6bd616123d7cc6ba02ee9
                                                                      • Instruction Fuzzy Hash: 78F03065A1AA0282EB586F20EC98B76D350EF84F44FC51035D60F465B0EF2CE449C360
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_AuditParseSys_Tuple
                                                                      • String ID: (O)$O&:PyObj_FromPtr$ctypes.PyObj_FromPtr
                                                                      • API String ID: 3491098224-1450318991
                                                                      • Opcode ID: 450c18379f4cbd85097806379ec6e8fa1a742835ad2a2833967405a666f9baac
                                                                      • Instruction ID: 1e9f7e9cc9d4dd365a05f13ea0f8f4878c9d22913284bacf435045e5ce74d9d5
                                                                      • Opcode Fuzzy Hash: 450c18379f4cbd85097806379ec6e8fa1a742835ad2a2833967405a666f9baac
                                                                      • Instruction Fuzzy Hash: A6F01261B08E87D1EA548B93EC801B52370FB81F65F9010F3DA4D47574DE2CE5AAC740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                      • String ID: (is)$host not found
                                                                      • API String ID: 3413694139-3306034047
                                                                      • Opcode ID: ca8109a2df64e3df4213b27e36b148ae7c644aa59b926cad7ead494ecc637f22
                                                                      • Instruction ID: f572d6dda2abbbf7dcc63df3e302a16cc8cc6ddc7f36f92374c0614a3b222cee
                                                                      • Opcode Fuzzy Hash: ca8109a2df64e3df4213b27e36b148ae7c644aa59b926cad7ead494ecc637f22
                                                                      • Instruction Fuzzy Hash: 00E01261F1DF4789FF158BA3A8041B5A390AF68F71F4480B5C82E6A374DE3CE4898348
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: BuildDeallocErr_ObjectSizeValue_
                                                                      • String ID: (is)$getaddrinfo failed
                                                                      • API String ID: 3413694139-582941868
                                                                      • Opcode ID: 6469e54e6531ffdb1de6c29f92da29bbcc03698caf1b65743a758ff703ee59ac
                                                                      • Instruction ID: b4b45306b7e5a31167341e634feaf1b950e05e373832208aec24fe2bfe20798f
                                                                      • Opcode Fuzzy Hash: 6469e54e6531ffdb1de6c29f92da29bbcc03698caf1b65743a758ff703ee59ac
                                                                      • Instruction Fuzzy Hash: 79E0ED61F09E4789EF159B63A8080B5A390AF68F75F0480B5C83D6A270DE3DE489C308
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: NameName::$Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 826178784-0
                                                                      • Opcode ID: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
                                                                      • Instruction ID: eedfc7d7aa5fe2710cb9c2deb7d4e516c1edf607ed02f0c212675147c5dbb8ee
                                                                      • Opcode Fuzzy Hash: 7682a6ebcb32bf14f43659220100a1b4a5a4a6e3db385e7ce84af32120df353b
                                                                      • Instruction Fuzzy Hash: 3D413922B0CE9688E710CB22DA901BC37A4BB16FA0B5441F3DA4D537A4DF38E955C300
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Dict_FromItemSizeStringUnicode_
                                                                      • String ID:
                                                                      • API String ID: 1315862103-0
                                                                      • Opcode ID: 99031edc8ce34e56276f5c0c81931c3a6ff7817c573d249dc6e588bd1ee95661
                                                                      • Instruction ID: 6b10503ba8aee614cf28fee54fc72129fe93831937787afffc5253781e91ad31
                                                                      • Opcode Fuzzy Hash: 99031edc8ce34e56276f5c0c81931c3a6ff7817c573d249dc6e588bd1ee95661
                                                                      • Instruction Fuzzy Hash: D6213266B0DE82C1FA558F67A95403963B0AF45FB0F1844F6DA1E477A5DF2DF8209300
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931114121.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931096853.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931136045.00007FFE1A453000.00000002.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931157295.00007FFE1A455000.00000004.00000001.01000000.00000009.sdmp
                                                                      • Associated: 00000004.00000002.1931176809.00007FFE1A456000.00000002.00000001.01000000.00000009.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a450000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: List_$DeallocItem
                                                                      • String ID:
                                                                      • API String ID: 1559017468-0
                                                                      • Opcode ID: 02a56d324a9c99cc3126ec893ad9dbe1c2afe2b22024179922031beb7f68207c
                                                                      • Instruction ID: 1a41e0fc85700e8a8f9b07c8b2297480eb87a816f051f0eae7bd97a7cc14b663
                                                                      • Opcode Fuzzy Hash: 02a56d324a9c99cc3126ec893ad9dbe1c2afe2b22024179922031beb7f68207c
                                                                      • Instruction Fuzzy Hash: EB2177B2B18E5296EA15AF27A54427967A0FB48FA1F4840B7DB4D42364DF3CE1A6C340
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _set_statfp
                                                                      • String ID:
                                                                      • API String ID: 1156100317-0
                                                                      • Opcode ID: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                      • Instruction ID: 3d77bbef826ce88f34598f582180e1c4b27f678f33a39fe4be3490279779d84f
                                                                      • Opcode Fuzzy Hash: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                                                                      • Instruction Fuzzy Hash: 1011E723E3EA0341F794312ADC4EF77D1516F54B70FD60634E67E8A2F6AE1CA8409120
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc
                                                                      • String ID:
                                                                      • API String ID: 3617616757-0
                                                                      • Opcode ID: af0f89ece7e46b178eb49cc81c4b6749a05fcdec0742548db50f9c0b26ea8175
                                                                      • Instruction ID: c1fc5feeb2d3e8407a20a50880c7899cf76ebf46ef8bd9c4b7f82a49a98f5618
                                                                      • Opcode Fuzzy Hash: af0f89ece7e46b178eb49cc81c4b6749a05fcdec0742548db50f9c0b26ea8175
                                                                      • Instruction Fuzzy Hash: 7B211D72B09E4294EF558FB2DA4437C23B5BB55F78F1440F2C91E871A2CF6D68A49314
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Arg_DuplicateParseRestoreSaveSizeSocketTuple_
                                                                      • String ID:
                                                                      • API String ID: 3898289384-0
                                                                      • Opcode ID: 94e5467f8a0f4c55c5377293fbb6459154868d39943b61240b6720ce7289c87f
                                                                      • Instruction ID: eb5ab0091f5240b584717a560afd2c5fda8f694964b48fe058361aa50e6ee4eb
                                                                      • Opcode Fuzzy Hash: 94e5467f8a0f4c55c5377293fbb6459154868d39943b61240b6720ce7289c87f
                                                                      • Instruction Fuzzy Hash: 8B116925A1DF8289EA109763E4843B9B360FFA8FB0F404171D96D57774DF3CE0498604
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Err_Long_OccurredRestoreSaveshutdown
                                                                      • String ID:
                                                                      • API String ID: 24305128-0
                                                                      • Opcode ID: f71b193a9b9afbf9df59ae315ab54bdb54dd44e049814e6b597a2587ff9705d2
                                                                      • Instruction ID: 93967dbcafc42e55b2634f43d19ce402279e1b0e522650985cc2f05f8520cc40
                                                                      • Opcode Fuzzy Hash: f71b193a9b9afbf9df59ae315ab54bdb54dd44e049814e6b597a2587ff9705d2
                                                                      • Instruction Fuzzy Hash: E4011265F18F528AE6149F63B584039A360EF68FB0B048570DA6E57774CF7CE4899308
                                                                      APIs
                                                                        • Part of subcall function 00007FFE1A506710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A50239E), ref: 00007FFE1A50671E
                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A5041C3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: abort
                                                                      • String ID: $csm$csm
                                                                      • API String ID: 4206212132-1512788406
                                                                      • Opcode ID: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
                                                                      • Instruction ID: 943c29e3784ab2171389fc1c80ad8a2a21018b4f9516b7a6498e5e240e43bc72
                                                                      • Opcode Fuzzy Hash: a1e41bd14f4dc8a012b9b6851bae8dba3a2639313cd67671a1d4b299b7556132
                                                                      • Instruction Fuzzy Hash: 8371A13270CA8286D7608B12D6507BD7FA0FB16FA8F0481B6EF8C07AA6CB28D451C740
                                                                      APIs
                                                                        • Part of subcall function 00007FFE1A506710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A50239E), ref: 00007FFE1A50671E
                                                                      • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A503F13
                                                                      • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFE1A503F23
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                      • String ID: csm$csm
                                                                      • API String ID: 4108983575-3733052814
                                                                      • Opcode ID: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
                                                                      • Instruction ID: de0d346edcd9bbb7c407fd47791ed7382e9ca5391cbc5c5cbf27d0f0c3da4cf3
                                                                      • Opcode Fuzzy Hash: 723d316c6bb1492db26d318ced58129fbbb71e04f86aecbd325fb3d3c805e488
                                                                      • Instruction Fuzzy Hash: 48513D32A0CA8286EB648F26964427D76A0FB56FB5F1441B7DB8D47AE6CF3CE451C700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: NameName::
                                                                      • String ID: %lf
                                                                      • API String ID: 1333004437-2891890143
                                                                      • Opcode ID: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
                                                                      • Instruction ID: 308295ef2e4306c2877293928210d8ea2f073f02419503d6206b98110f97e239
                                                                      • Opcode Fuzzy Hash: f37b8968dc856f8c22d72c120ca4476383f363961e161f929d9d255907aecf6d
                                                                      • Instruction Fuzzy Hash: 5931A272B0CE8185EA20CB26A95027E6761FB46F94F4482F3EA9D47665CF3CD541C740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocErr_Stringmemcpy
                                                                      • String ID: abstract class
                                                                      • API String ID: 4155950771-1623945838
                                                                      • Opcode ID: a78e23d4962bb6cd030e99ab16b39ff453505bd43d513433001f58a9a797e2c3
                                                                      • Instruction ID: e9204db3d048333566625b3f1d87cc4cb5bcf0583ddd30728f922576fea328e0
                                                                      • Opcode Fuzzy Hash: a78e23d4962bb6cd030e99ab16b39ff453505bd43d513433001f58a9a797e2c3
                                                                      • Instruction Fuzzy Hash: FB213936B05F4282EA558F67A45413873B4FB88FA4F1845B6DE6E477A4DF38E4618340
                                                                      APIs
                                                                        • Part of subcall function 00007FFE1A463830: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE1A46387B
                                                                      • PyUnicode_FromStringAndSize.PYTHON310 ref: 00007FFE1A461B90
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: FromSizeStringUnicode___stdio_common_vsprintf
                                                                      • String ID: :%x$ctypes object structure too deep
                                                                      • API String ID: 1484205955-3091822184
                                                                      • Opcode ID: bba4aebe1664af8786cb1a6e0e237aa3848b677bbc3a45c028ed981a7eae4c42
                                                                      • Instruction ID: 34be88823f85844530b73b451881f83de83ea50953c83315f29947793e97f96c
                                                                      • Opcode Fuzzy Hash: bba4aebe1664af8786cb1a6e0e237aa3848b677bbc3a45c028ed981a7eae4c42
                                                                      • Instruction Fuzzy Hash: EB215E36718EC691EA208B16E4402B973B0FB88FA0F8451B7DA8D47B64DF3CE165C740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatFromLongLong_RestoreSaveSignalsSys_connect
                                                                      • String ID: connect_ex$socket.connect
                                                                      • API String ID: 3879675179-935070752
                                                                      • Opcode ID: 00071ab73dd0e788985b66020f723eef424d78f554ac4716d67f1b1ccfe08ed2
                                                                      • Instruction ID: dd8bd8d579b8a3ff047d0e8d9d80d5370074e7b273859cc2098f6a16bbd039b1
                                                                      • Opcode Fuzzy Hash: 00071ab73dd0e788985b66020f723eef424d78f554ac4716d67f1b1ccfe08ed2
                                                                      • Instruction Fuzzy Hash: 34115225B0CE8289EA608B53F8117A6A3A0FF64FA0F448072EE9D67675EE2CD144C744
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AuditErr_StringSys_
                                                                      • String ID: abstract class$ctypes.cdata
                                                                      • API String ID: 1384585920-3531133667
                                                                      • Opcode ID: 837e7a77ad6bd9fc138e419f62513356a4c9ae3033ab7ce27d16caa328e1ddbd
                                                                      • Instruction ID: a77bf096f849543c0efcdb65be6bf9c7e731d3e99435a6e6c4fe649eb9367b34
                                                                      • Opcode Fuzzy Hash: 837e7a77ad6bd9fc138e419f62513356a4c9ae3033ab7ce27d16caa328e1ddbd
                                                                      • Instruction Fuzzy Hash: 1F013C21B19F8282EA548B53E55417967B0FB88FE4F0880F6DA1D97724DF3CD861C300
                                                                      APIs
                                                                      Strings
                                                                      • bytes or integer address expected instead of %s instance, xrefs: 00007FFE1A466FC7
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Long$Bytes_Long_MaskStringUnsigned
                                                                      • String ID: bytes or integer address expected instead of %s instance
                                                                      • API String ID: 3464282214-706233300
                                                                      • Opcode ID: c9aeb9c2d5500f31c94bb8ba169b44f20e677d5a799ad32133f5e603c2af7101
                                                                      • Instruction ID: 588a4682c3f36dc83ae29429faf64d0a684a6260d1a79d5a48ca8e8c09f758f1
                                                                      • Opcode Fuzzy Hash: c9aeb9c2d5500f31c94bb8ba169b44f20e677d5a799ad32133f5e603c2af7101
                                                                      • Instruction Fuzzy Hash: 1601057AB09E8291EA509F57E8546382370FB88FA4F1088B3DA5E47370CE3CE4658300
                                                                      APIs
                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF7A6A2275B,?,?,?,?,?,?), ref: 00007FF7A6A22C91
                                                                        • Part of subcall function 00007FF7A6A21CA0: GetLastError.KERNEL32(?,?,00000000,00007FF7A6A264D3,?,?,?,?,?,?,?,?,?,?,?,00007FF7A6A21023), ref: 00007FF7A6A21CC7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastModuleName
                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                      • API String ID: 2776309574-1977442011
                                                                      • Opcode ID: 0d9cf3d378679dbd1fb9667d51636abfbc077fd3e3b2f18ab7ad8f803b545e00
                                                                      • Instruction ID: 075fd2c6e540535d615a18cb3fb56d03c9fb02ea70c22a3de2efedf8bc13ab97
                                                                      • Opcode Fuzzy Hash: 0d9cf3d378679dbd1fb9667d51636abfbc077fd3e3b2f18ab7ad8f803b545e00
                                                                      • Instruction Fuzzy Hash: 8F019E20F5A64280FA61B731DC06BB79292BF48FC4FC20031D94E966B6FE1CF5458620
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_LongLong_MaskStringUnicode_Unsigned
                                                                      • String ID: function name must be string, bytes object or integer
                                                                      • API String ID: 2115587880-3177123413
                                                                      • Opcode ID: b8d69d66602aeacc1244655cb42dcc5e26baf7e5fcb16dc7b70d6fc186f6ef51
                                                                      • Instruction ID: 763dd1f3a3a10f87df2c6d536b1226f21422ee1533ccfaf202da584d0edca397
                                                                      • Opcode Fuzzy Hash: b8d69d66602aeacc1244655cb42dcc5e26baf7e5fcb16dc7b70d6fc186f6ef51
                                                                      • Instruction Fuzzy Hash: 7B01A426F1AE4681FF154F77E8441B822A5EF89F74F1480F2C55D876B1EE3DA4A18300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AuditDeallocFromLongLong_Sys_
                                                                      • String ID: ctypes.get_errno
                                                                      • API String ID: 2276389247-2892954555
                                                                      • Opcode ID: 04566ddc82211517b1b655ad1a51e5cd08f56ff33628f192832f7efe3bada2e9
                                                                      • Instruction ID: d8acc395661f36e85091bf266356b96ed0a9630cb7ac0a4429a4f97c4b2d4440
                                                                      • Opcode Fuzzy Hash: 04566ddc82211517b1b655ad1a51e5cd08f56ff33628f192832f7efe3bada2e9
                                                                      • Instruction Fuzzy Hash: 68F08621B19E8281EB04AF57E98017562A0AFD4FA0F4440F2D95E43774DE3CD5A48700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AuditDeallocFromLongLong_Sys_
                                                                      • String ID: ctypes.get_last_error
                                                                      • API String ID: 2276389247-1232113872
                                                                      • Opcode ID: ddea6fa0e520786efcaffebb9d160de3154ee51ce8310e9096c69a12a24cd86d
                                                                      • Instruction ID: 7f9d505b886416406dd759ea5d343ce71fb78724467383286726b5d35fe66685
                                                                      • Opcode Fuzzy Hash: ddea6fa0e520786efcaffebb9d160de3154ee51ce8310e9096c69a12a24cd86d
                                                                      • Instruction Fuzzy Hash: 7CF08621F19E8281EB049B67E94417962A1AFD4FA0F4440B2D95E43764DE2CD5A48700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_AuditCheckFunctionParseResultState_Sys_ThreadTuplememset
                                                                      • String ID: O&O!$ctypes.call_function
                                                                      • API String ID: 516073128-313584727
                                                                      • Opcode ID: a21317263870951fbac73bc6e0ba72c9b8325fb3fb24515e72e71c3df528cfc0
                                                                      • Instruction ID: 944335bc29bffe02052bd458e995e76118153f6191ca4e675a39393d0faa0543
                                                                      • Opcode Fuzzy Hash: a21317263870951fbac73bc6e0ba72c9b8325fb3fb24515e72e71c3df528cfc0
                                                                      • Instruction Fuzzy Hash: 35011B76B28E8681E700CB52E8897BA67A0FB84BA5F4001B3D99C43674DF3CE559C740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Arg_AuditCheckFunctionParseResultState_Sys_ThreadTuplememset
                                                                      • String ID: O&O!$ctypes.call_function
                                                                      • API String ID: 516073128-313584727
                                                                      • Opcode ID: e268e5a8f3db2f45def53c9816bdb2ab0a8536be65b537ab8a17214030eec3df
                                                                      • Instruction ID: 89c7b5afcbfcb54f205695d8d762dc7ecf434af8ce5cb68ad8e87d75054a0a82
                                                                      • Opcode Fuzzy Hash: e268e5a8f3db2f45def53c9816bdb2ab0a8536be65b537ab8a17214030eec3df
                                                                      • Instruction Fuzzy Hash: 1D012D76B1CF8681EB008B52E8457BA6760FB88BA4F4042B3D99C43674DF7CE559C740
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_Long$Long_MaskOccurredStringUnsigned
                                                                      • String ID: cannot be converted to pointer
                                                                      • API String ID: 361506457-3065012988
                                                                      • Opcode ID: 81242fba0ed7ed1f24fa4744b62a879862097fb4e30da8f7dd6c27e9aadd5be2
                                                                      • Instruction ID: 81dd35407d95550f23d03979a56d18fce98e02aef14dddb73e2594b29d029c79
                                                                      • Opcode Fuzzy Hash: 81242fba0ed7ed1f24fa4744b62a879862097fb4e30da8f7dd6c27e9aadd5be2
                                                                      • Instruction Fuzzy Hash: 66012C65B09E8681EE648B67E98073823B1EF88FB4F1494F3D95D077B5DE2CE4A48300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocErr_String
                                                                      • String ID: _type_ must be a type$_type_ must have storage info
                                                                      • API String ID: 1259552197-214983684
                                                                      • Opcode ID: cec5e89437fa31a8854e594d503930adff6af3e57429f55253c73a0a7fd43a35
                                                                      • Instruction ID: c8d26627c2565460a64b36cb6ceb4c23e91aa24e19f1fb9d190d70ba57b060e9
                                                                      • Opcode Fuzzy Hash: cec5e89437fa31a8854e594d503930adff6af3e57429f55253c73a0a7fd43a35
                                                                      • Instruction Fuzzy Hash: 62014F69F09F4291EA589B57D4502742271BF45FB0F6041F3D92D536B0DF3DA5658300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Callable_CheckDeallocErr_String
                                                                      • String ID: the errcheck attribute must be callable
                                                                      • API String ID: 3907376375-3049503998
                                                                      • Opcode ID: 2cba9770467de7cb10880ad80f5b9d45a1e06d91d81f9f5a4d558906db3fc007
                                                                      • Instruction ID: 119ea89316f6258a665d967c2b734b403b252671b9fcf14438445e48d62416b8
                                                                      • Opcode Fuzzy Hash: 2cba9770467de7cb10880ad80f5b9d45a1e06d91d81f9f5a4d558906db3fc007
                                                                      • Instruction Fuzzy Hash: EFF03C65B19E8291EA588B66E95417463B0FF88FF4F1481F2DA2D87664DF2CE8668300
                                                                      APIs
                                                                        • Part of subcall function 00007FFE1A506710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A50239E), ref: 00007FFE1A50671E
                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A50243E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: abortterminate
                                                                      • String ID: MOC$RCC$csm
                                                                      • API String ID: 661698970-2671469338
                                                                      • Opcode ID: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
                                                                      • Instruction ID: 7e0b1cb0463263df28d839e723f889725097258fe45da5b0bdd27cca7ff95f18
                                                                      • Opcode Fuzzy Hash: b838753ef247b2fc749e3877e0128dea9035de62b0ba29f15289213c97603889
                                                                      • Instruction Fuzzy Hash: 0BF0AF36A0CA4282EB505F26E28007C3661FB49FA0F1850F3DB4807672CF7CD4D0C611
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_$Long_OccurredStringVoid
                                                                      • String ID: integer expected
                                                                      • API String ID: 1621529885-2140524511
                                                                      • Opcode ID: 618c319c9de7922ae92c64fee56c398ded7edde1b75144e2383f363d8546f464
                                                                      • Instruction ID: a4e8f203c74d9184d0f1dac4c8965b2968248d178db54c930a93c1aab2c916d2
                                                                      • Opcode Fuzzy Hash: 618c319c9de7922ae92c64fee56c398ded7edde1b75144e2383f363d8546f464
                                                                      • Instruction Fuzzy Hash: 40F03069B09E8381EE548B57E9841796371AF88FF0F1494F2D95D47775DE2CE4A88300
                                                                      APIs
                                                                      • __C_specific_handler.LIBVCRUNTIME ref: 00007FFE1A50E9F0
                                                                        • Part of subcall function 00007FFE1A50EC30: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FFE1A50ECF0
                                                                        • Part of subcall function 00007FFE1A50EC30: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FFE1A50E9F5), ref: 00007FFE1A50ED3F
                                                                        • Part of subcall function 00007FFE1A506710: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE1A50239E), ref: 00007FFE1A50671E
                                                                      • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFE1A50EA1A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: C_specific_handlerCurrentImageNonwritableUnwindabortterminate
                                                                      • String ID: csm$f
                                                                      • API String ID: 2451123448-629598281
                                                                      • Opcode ID: c9fb23446a5b638453e0304dd207887769bfaeb8010eb75ee95ffcfd07f137de
                                                                      • Instruction ID: e755468ba77a810feec6a7152a79b0cbc31307e80d24ba22e5dec0cacd9402cc
                                                                      • Opcode Fuzzy Hash: c9fb23446a5b638453e0304dd207887769bfaeb8010eb75ee95ffcfd07f137de
                                                                      • Instruction Fuzzy Hash: D7E06C75E1CB4141D7205B66B24513D6695BF1AF74F2440FADE4807656CE3CD8D08601
                                                                      APIs
                                                                      Strings
                                                                      • <socket object, fd=%ld, family=%d, type=%d, proto=%d>, xrefs: 00007FFE13335C15
                                                                      • no printf formatter to display the socket descriptor in decimal, xrefs: 00007FFE13335C3B
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_FormatFromStringUnicode_
                                                                      • String ID: <socket object, fd=%ld, family=%d, type=%d, proto=%d>$no printf formatter to display the socket descriptor in decimal
                                                                      • API String ID: 1884982852-285600062
                                                                      • Opcode ID: b0276bca1904d823c32b4aefda0a40b3eeef289f352164fa4c2060ff8b4b8fc5
                                                                      • Instruction ID: 95e2f3e6e5604e4e091a36f40b56ac5b671f29ec3c3c3f5a2795bc9a2a370546
                                                                      • Opcode Fuzzy Hash: b0276bca1904d823c32b4aefda0a40b3eeef289f352164fa4c2060ff8b4b8fc5
                                                                      • Instruction Fuzzy Hash: E9F0FEB5E08D02DAEE109B16D4500286760FB64FBCF608771D93D676F0DF2DE44A8708
                                                                      APIs
                                                                      Strings
                                                                      • second item in _fields_ tuple (index %zd) must be a C type, xrefs: 00007FFE1A467DC6
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocErr_FormatFreeMem_
                                                                      • String ID: second item in _fields_ tuple (index %zd) must be a C type
                                                                      • API String ID: 3237669406-2717732800
                                                                      • Opcode ID: 117288b2283cfe3d0982d2caaa9ba3a7616f632becaa413df003f7aa6716024c
                                                                      • Instruction ID: 5dbb28586dc2da4fec0b40820970ff8adcc2b068dd9e1b020bfb37c5d1765063
                                                                      • Opcode Fuzzy Hash: 117288b2283cfe3d0982d2caaa9ba3a7616f632becaa413df003f7aa6716024c
                                                                      • Instruction Fuzzy Hash: FDE04C68B09D8392E9149BA7A8940382360BF85FB5F1151F3D82E576B18E3CB5259201
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 2943138195-0
                                                                      • Opcode ID: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
                                                                      • Instruction ID: 7c21c6194f344e7dbefec45f19faf2cd0c5fae1228fd8d678d6a9d50b883a88c
                                                                      • Opcode Fuzzy Hash: f50f9f5b0f4c072e52125a456639a7d4e2bd829a5a5137cb56b4f6bb80237050
                                                                      • Instruction Fuzzy Hash: 8E913A62F0CE96C9F7118B62D9403BC2BB1BB06B68F5440F7DA4D576A9DF78A845C340
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                      • String ID:
                                                                      • API String ID: 72036449-0
                                                                      • Opcode ID: d9c2c809c88bc492fb083569f0100690a84594dd7041139d92feabbe1811d0c6
                                                                      • Instruction ID: 66a60b86618b2cf777d0592809b114de0253663d5b248ba4426695bdf0c8f599
                                                                      • Opcode Fuzzy Hash: d9c2c809c88bc492fb083569f0100690a84594dd7041139d92feabbe1811d0c6
                                                                      • Instruction Fuzzy Hash: B451B436F0A60286F7697B288C4DB7BE580DF41F14F9B4434CA29472F5EE2CB844A661
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+$NameName::
                                                                      • String ID:
                                                                      • API String ID: 168861036-0
                                                                      • Opcode ID: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
                                                                      • Instruction ID: e19ff38147d37b3763b0332b6057d3efa3cfa6e04751ef18c4683969978c72fa
                                                                      • Opcode Fuzzy Hash: fdc850366a52cc8509fdc883a27d076c67a20e363f2b2ed3a2a440fa302089d7
                                                                      • Instruction Fuzzy Hash: 7B5157B2F1CE5688EB108F22E9403BD37B1BB56B68F5441B2DA0E47AA5DF39E541C340
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                      • String ID:
                                                                      • API String ID: 2780335769-0
                                                                      • Opcode ID: 90fdda550965b32b3b7c957f91a0516d48632c54475047bf9b5b79af1da324ef
                                                                      • Instruction ID: a26bc6217ae7c369a5b8cfeaff9e4c274c926a224ba886674348f48600a6a829
                                                                      • Opcode Fuzzy Hash: 90fdda550965b32b3b7c957f91a0516d48632c54475047bf9b5b79af1da324ef
                                                                      • Instruction Fuzzy Hash: 5E518E36F156418AFB18EFB1DC407BEA3A1AB48F58F964035DE1D476A8EF38D4808720
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID:
                                                                      • API String ID: 2943138195-0
                                                                      • Opcode ID: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
                                                                      • Instruction ID: ff5c0cbc4c893d9cad88f4747c0f6da9922c467a26f9445843aebcbd3b02c817
                                                                      • Opcode Fuzzy Hash: 010c9cc7b649f2daabbc83b7255f351f4a32df461fe661a6f710ba75eaae01a6
                                                                      • Instruction Fuzzy Hash: 834177B2B08F8589FB01CF65E8413BC37B0BB46B68F5484A6DA4D577A9DF38A541C310
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$RestoreSaveTime_Timeval_noraiseselect
                                                                      • String ID:
                                                                      • API String ID: 2889695022-0
                                                                      • Opcode ID: 8247d159f57c85fc47a0ccf06ff55173202fc27072eac768854e7e8203c09b73
                                                                      • Instruction ID: 627d6c16c9a6818fca6bffa424f4e76bbc94d103d4cfc2260eb7c23e836e4d7b
                                                                      • Opcode Fuzzy Hash: 8247d159f57c85fc47a0ccf06ff55173202fc27072eac768854e7e8203c09b73
                                                                      • Instruction Fuzzy Hash: 2F21B17270CF858AE6608B16E8403AAE360FB95BB4F108231DBAD57BA4DF7DD445C708
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Mem_$DeallocFreeMallocmemcpy
                                                                      • String ID:
                                                                      • API String ID: 1346496523-0
                                                                      • Opcode ID: 09cd148e06525423ca6fdc7bdaeea8d178cf12330d08560611c452af8600b210
                                                                      • Instruction ID: c99a869ccff8b2e0aebb09eae71ce5dd68cbc6c11e33120cb37dd1c0c3e69a92
                                                                      • Opcode Fuzzy Hash: 09cd148e06525423ca6fdc7bdaeea8d178cf12330d08560611c452af8600b210
                                                                      • Instruction Fuzzy Hash: 83213B72B09F8282EA549B17A94013D22B0FF48FA4B0444F7DA1E07765EF3CE8A2C300
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Descr_Dict_ItemString
                                                                      • String ID:
                                                                      • API String ID: 975051370-0
                                                                      • Opcode ID: 10a791b5f7c298b21560b0b87faa3e8afad00ccfe4cc43d7285d76518010f88c
                                                                      • Instruction ID: a41242ea71e2a305cd3ef95f1ec0b5d948f866eb64e168331eaee55160d6f2c2
                                                                      • Opcode Fuzzy Hash: 10a791b5f7c298b21560b0b87faa3e8afad00ccfe4cc43d7285d76518010f88c
                                                                      • Instruction Fuzzy Hash: 42115425B0DE8185EE548B53E6503392271EF49FE4F0845B2DE6D83B66DF3CD4618200
                                                                      APIs
                                                                        • Part of subcall function 00007FFE1A461CF8: PyThreadState_Get.PYTHON310(?,?,?,?,00000000,00007FFE1A46138D,?,?,00000000,00007FFE1A4612DA), ref: 00007FFE1A461D05
                                                                        • Part of subcall function 00007FFE1A461CF8: _PyObject_MakeTpCall.PYTHON310 ref: 00007FFE1A461D41
                                                                      • PyWeakref_NewProxy.PYTHON310(?,?,00000000,00007FFE1A4612DA), ref: 00007FFE1A4613AA
                                                                      • PyDict_SetItem.PYTHON310(?,?,00000000,00007FFE1A4612DA), ref: 00007FFE1A4613CB
                                                                      • _Py_Dealloc.PYTHON310(?,?,00000000,00007FFE1A4612DA), ref: 00007FFE1A46686B
                                                                      • _Py_Dealloc.PYTHON310(?,?,00000000,00007FFE1A4612DA), ref: 00007FFE1A46687A
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$CallDict_ItemMakeObject_ProxyState_ThreadWeakref_
                                                                      • String ID:
                                                                      • API String ID: 2576100542-0
                                                                      • Opcode ID: 750665e4395f7a1f80563c62926872de9804c11ffc6bb29ae58d6164d434b593
                                                                      • Instruction ID: 1626e718e4d13c2970ace92665bcf956286769d58a67de5e34f4c2c23a945f54
                                                                      • Opcode Fuzzy Hash: 750665e4395f7a1f80563c62926872de9804c11ffc6bb29ae58d6164d434b593
                                                                      • Instruction Fuzzy Hash: B2116D22B09F8285EA544F57A84007963B4EB89FE0F1845F2DE6E477A5CF3CE8618300
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Err_RestoreSaveStringgetsocknamememset
                                                                      • String ID:
                                                                      • API String ID: 772546412-0
                                                                      • Opcode ID: 49b28dbafa387ad1215f07d86a85549622e226536939488c78001633e0ee6221
                                                                      • Instruction ID: 9e33c7450a7ccff6cad00a5d6dc56c07998df7432f9bb2ad289f3758b96f4406
                                                                      • Opcode Fuzzy Hash: 49b28dbafa387ad1215f07d86a85549622e226536939488c78001633e0ee6221
                                                                      • Instruction Fuzzy Hash: FE11362560CF8686EA709B52F4403AAF361FF58BA4F008172D99D67A65DF3CD145CB04
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$Err_RestoreSaveStringgetpeernamememset
                                                                      • String ID:
                                                                      • API String ID: 1387529023-0
                                                                      • Opcode ID: 6b6f56178a4cc6c55970c65048cd5a9e6faf7cee1dac423c982dfd799eaa9efe
                                                                      • Instruction ID: e10ade52840adf6cc53f72fbbf75bc8833d332dd56e553d53080dfa8a5e8f9d6
                                                                      • Opcode Fuzzy Hash: 6b6f56178a4cc6c55970c65048cd5a9e6faf7cee1dac423c982dfd799eaa9efe
                                                                      • Instruction Fuzzy Hash: 9411362560CF8285EA309B52F4403AAF361FBA8FA4F008172DA9D67A65DF3CD145CB04
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dealloc$Object_Track
                                                                      • String ID:
                                                                      • API String ID: 887704541-0
                                                                      • Opcode ID: f103a8382c84f6592912ba2ebbba444a017d2316beaf823d7289fdf9a3b07014
                                                                      • Instruction ID: 92c4b2b7ec4c23a221cfd77c9e76c0722b85ab68c1fc61072242e47b6b14bcfe
                                                                      • Opcode Fuzzy Hash: f103a8382c84f6592912ba2ebbba444a017d2316beaf823d7289fdf9a3b07014
                                                                      • Instruction Fuzzy Hash: C401AC36F4BE4681EE598FE7A95413823A4EF88F74F1804F2C91E436618E2DA8658344
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Eval_Thread$RestoreSave_errnoclosesocket
                                                                      • String ID:
                                                                      • API String ID: 1624953543-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: State_$EnsureInitializeInitializedRelease
                                                                      • String ID:
                                                                      • API String ID: 2621580956-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DecodeDefaultErr_ErrnoFromLongLong_Unicode_Unsignedif_indextoname
                                                                      • String ID:
                                                                      • API String ID: 1147600871-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: abort$CreateFrameInfo
                                                                      • String ID: csm
                                                                      • API String ID: 2697087660-1018135373
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID: U
                                                                      • API String ID: 442123175-4171548499
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Name::operator+
                                                                      • String ID: void$void
                                                                      • API String ID: 2943138195-3746155364
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentDirectory
                                                                      • String ID: :
                                                                      • API String ID: 1611563598-336475711
                                                                      APIs
                                                                        • Part of subcall function 00007FFE133379F4: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE13337A38
                                                                      • PyErr_SetString.PYTHON310(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFE1333361D), ref: 00007FFE13334187
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_String__stdio_common_vsscanf
                                                                      • String ID: %X:%X:%X:%X:%X:%X%c$bad bluetooth address
                                                                      • API String ID: 3283897942-3956635471
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Stringtry_get_function
                                                                      • String ID: LCMapStringEx
                                                                      • API String ID: 2588686239-3893581201
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: CompareStringtry_get_function
                                                                      • String ID: CompareStringEx
                                                                      • API String ID: 3328479835-2590796910
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocErr_String
                                                                      • String ID: abstract class
                                                                      • API String ID: 1259552197-1623945838
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: FileHeader$ExceptionRaise
                                                                      • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                      • API String ID: 3685223789-3176238549
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_FormatLongLong_
                                                                      • String ID: one character bytes, bytearray or integer expected
                                                                      • API String ID: 832222675-2748977362
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931371100.00007FFE1A500000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931409696.00007FFE1A511000.00000002.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931425936.00007FFE1A516000.00000004.00000001.01000000.00000005.sdmp
                                                                      • Associated: 00000004.00000002.1931443216.00007FFE1A517000.00000002.00000001.01000000.00000005.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a500000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFileHeaderRaise
                                                                      • String ID: csm
                                                                      • API String ID: 2573137834-1018135373
                                                                      • Opcode ID: 04e89f2c23f7d49b97199698fdfbf86ccf7878464e1c577e170b006b6ea557c8
                                                                      • Instruction ID: d7aa532075cd2bc2e06708e4d0d3fb5e2435da9f917edc17bc77e81aabfdf1d1
                                                                      • Opcode Fuzzy Hash: 04e89f2c23f7d49b97199698fdfbf86ccf7878464e1c577e170b006b6ea557c8
                                                                      • Instruction Fuzzy Hash: 58115B32A0CB8182EB118F16F540269B7A5FB89F94F6842B6DE8C07B69EF7CC5518700
                                                                      APIs
                                                                      • PyErr_SetString.PYTHON310 ref: 00007FFE1A46A0F9
                                                                        • Part of subcall function 00007FFE1A46A9EC: PyErr_SetString.PYTHON310(?,?,?,?,00007FFE1A4693F5,?), ref: 00007FFE1A46AA2D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_String
                                                                      • String ID: NULL pointer access$Pointer does not support item deletion
                                                                      • API String ID: 1450464846-1262937747
                                                                      • Opcode ID: cf7a6c95a3cae51aa3eb2f2a76c3157fcdc68f1ccfb3e8406084a369a191322c
                                                                      • Instruction ID: 56602a02ae3340fc9798254e583ff9136b4351748636ed1e899e1c43c1fbfc39
                                                                      • Opcode Fuzzy Hash: cf7a6c95a3cae51aa3eb2f2a76c3157fcdc68f1ccfb3e8406084a369a191322c
                                                                      • Instruction Fuzzy Hash: FF012761B08F8681DA449B57A8904B92374FB85FE4F1081B3EE5E57BA5CE2CD5648340
                                                                      APIs
                                                                        • Part of subcall function 00007FFE13333570: PyErr_Format.PYTHON310 ref: 00007FFE133337C7
                                                                      • PySys_Audit.PYTHON310 ref: 00007FFE1333490C
                                                                        • Part of subcall function 00007FFE13333A70: PyEval_SaveThread.PYTHON310 ref: 00007FFE13333A8E
                                                                        • Part of subcall function 00007FFE13333A70: connect.WS2_32 ref: 00007FFE13333AA1
                                                                        • Part of subcall function 00007FFE13333A70: PyEval_RestoreThread.PYTHON310 ref: 00007FFE13333AAC
                                                                        • Part of subcall function 00007FFE13333A70: WSAGetLastError.WS2_32 ref: 00007FFE13333ABA
                                                                        • Part of subcall function 00007FFE13333A70: WSAGetLastError.WS2_32 ref: 00007FFE13333AC6
                                                                        • Part of subcall function 00007FFE13333A70: PyErr_CheckSignals.PYTHON310 ref: 00007FFE13333AD3
                                                                        • Part of subcall function 00007FFE13333A70: WSASetLastError.WS2_32 ref: 00007FFE13333B10
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931000556.00007FFE13330000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931039791.00007FFE13338000.00000002.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931060752.00007FFE13340000.00000004.00000001.01000000.00000008.sdmp
                                                                      • Associated: 00000004.00000002.1931079495.00007FFE13342000.00000002.00000001.01000000.00000008.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe13330000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$Err_Eval_Thread$AuditCheckFormatRestoreSaveSignalsSys_connect
                                                                      • String ID: connect$socket.connect
                                                                      • API String ID: 2206401578-326844852
                                                                      • Opcode ID: abbc5935f74ef70b0cd9da9885d33e209b325534e8d2620e9e7c1fa6b8891838
                                                                      • Instruction ID: 83dc5fc5f893357b8f5e452c044f068a778b2ba751e1a707fd9ed09f4c139f53
                                                                      • Opcode Fuzzy Hash: abbc5935f74ef70b0cd9da9885d33e209b325534e8d2620e9e7c1fa6b8891838
                                                                      • Instruction Fuzzy Hash: 5311526170CE4289FA208B13F8407A6A360FF65FA0F448072DE5D67765EE3CE145C744
                                                                      APIs
                                                                        • Part of subcall function 00007FFE1A46EC18: PyType_IsSubtype.PYTHON310(?,?,?,?,00007FFE1A46E825), ref: 00007FFE1A46EC25
                                                                      • PyErr_SetString.PYTHON310 ref: 00007FFE1A46E964
                                                                        • Part of subcall function 00007FFE1A46A9EC: PyErr_SetString.PYTHON310(?,?,?,?,00007FFE1A4693F5,?), ref: 00007FFE1A46AA2D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_String$SubtypeType_
                                                                      • String ID: can't delete attribute$not a ctype instance
                                                                      • API String ID: 3320257282-2740123057
                                                                      • Opcode ID: c74a807a203b7de0b261816b350f5cc9ca22296f4b37b8a272b2a39a70e024b4
                                                                      • Instruction ID: 4dbe3b6d4a343842e54b41c820e4444cab8e0e48b91b5e795ed242fe80f06c3a
                                                                      • Opcode Fuzzy Hash: c74a807a203b7de0b261816b350f5cc9ca22296f4b37b8a272b2a39a70e024b4
                                                                      • Instruction Fuzzy Hash: 501115A1B08F8181EA60CB67E44107963B4FB88FE4B5042B2EEAD57B68DF28D5658700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_ItemSequence_String
                                                                      • String ID: args not a tuple?
                                                                      • API String ID: 138718260-274370407
                                                                      • Opcode ID: 8df7c5eb64c86461ab5710fd6b6742d20501527845f328b9d8bc7b43c6c269b7
                                                                      • Instruction ID: afe71b173063e7957c7113d2153378aed8ce9d8e430095bcf349f42464db97f5
                                                                      • Opcode Fuzzy Hash: 8df7c5eb64c86461ab5710fd6b6742d20501527845f328b9d8bc7b43c6c269b7
                                                                      • Instruction Fuzzy Hash: AC019235B09F8285E6048B56E4801797370FB44FB0F5452B2EA7D877A5CF28D4A2C300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Err_String
                                                                      • String ID: Array does not support item deletion$invalid index
                                                                      • API String ID: 1450464846-799983634
                                                                      • Opcode ID: 6c8783f23962bd5731013e76f01afede45a67896543403de091c566849b667cd
                                                                      • Instruction ID: 2ac18b2abbb32c0b0c545ff39a5b943f6ef6768183cba7b51222bb626be56394
                                                                      • Opcode Fuzzy Hash: 6c8783f23962bd5731013e76f01afede45a67896543403de091c566849b667cd
                                                                      • Instruction Fuzzy Hash: CE014865B18E8681DA00CB97D8904B82278FB98FE4F5111F3E96E977A2DF3DE1618340
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1927109956.00007FF7A6A21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A6A20000, based on PE: true
                                                                      • Associated: 00000004.00000002.1926981513.00007FF7A6A20000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927239164.00007FF7A6A45000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A57000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A5A000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927326148.00007FF7A6A66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000004.00000002.1927636830.00007FF7A6A68000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ff7a6a20000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: :
                                                                      • API String ID: 3215553584-336475711
                                                                      • Opcode ID: a7a626b1d5751b2d450cbbf5567bd50dec9d39dc7df76c83fe3caaf000a3f2e8
                                                                      • Instruction ID: 6e6d292b507fd2e3e4dcb0a8e0af0bb71e58f329fab0ddcf1ca2ff125208cd94
                                                                      • Opcode Fuzzy Hash: a7a626b1d5751b2d450cbbf5567bd50dec9d39dc7df76c83fe3caaf000a3f2e8
                                                                      • Instruction Fuzzy Hash: 5801FD6690960282F725BF60A856A7FB3A0EF48B08FC20035D60E462A1EF3CE1058A30
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: DeallocErr_Object_StringSubtypeType_
                                                                      • String ID: expected CData instance
                                                                      • API String ID: 1004461360-1581534645
                                                                      • Opcode ID: e26d02f22c3492ab1bf19d6cf85197706354a43e5d4a71fe4d6d3dbf5354960e
                                                                      • Instruction ID: ccfdc2c2df617139df7f5dd518155b0308c27deea977ea823aaa4dff9beb71a6
                                                                      • Opcode Fuzzy Hash: e26d02f22c3492ab1bf19d6cf85197706354a43e5d4a71fe4d6d3dbf5354960e
                                                                      • Instruction Fuzzy Hash: 05011AA6B09F42C1FA558B67A89003823B4AB49FA4F5405F2C92E873B1DE2DE5758310
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AttrEqualGenericObject_StringUnicode_
                                                                      • String ID: _fields_
                                                                      • API String ID: 947992268-3196300388
                                                                      • Opcode ID: 09985de64b75e69028d34924aac225e8239a08274b95fb32eddf8857ccf1cc7a
                                                                      • Instruction ID: b7faf88f502c9cc922b307db069851bb7fe472d127255c81c091f31425582b16
                                                                      • Opcode Fuzzy Hash: 09985de64b75e69028d34924aac225e8239a08274b95fb32eddf8857ccf1cc7a
                                                                      • Instruction Fuzzy Hash: F2F0F411B58E8281E6509F67AD403795660AF45FF0F6495F2EE6D877B4CF2CD8618700
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: Dict_Err_ItemString
                                                                      • String ID: abstract class
                                                                      • API String ID: 960913676-1623945838
                                                                      • Opcode ID: 9de3f8c70a3c6ee8fb7715cbd296c57ba0a225a0fffe472590f6dfe171961a0a
                                                                      • Instruction ID: 835604eb2276c1e17aaeeb14ca224785ae37a494b0d3dec4a25855e132a44b48
                                                                      • Opcode Fuzzy Hash: 9de3f8c70a3c6ee8fb7715cbd296c57ba0a225a0fffe472590f6dfe171961a0a
                                                                      • Instruction Fuzzy Hash: 3CF0E125B49E4280EA549B67E89407922B0AF85FF4F5452F3D93D476B1DE2CE4668300
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AuditBytes_FromSizeStringSys_
                                                                      • String ID: ctypes.string_at
                                                                      • API String ID: 1783689829-1910480597
                                                                      • Opcode ID: 2057401bada4da8a7bf89bb14568cd576d4e644a7a45f7016cda1baa0f7b2ac1
                                                                      • Instruction ID: 6abc6c4742ae9c0d32f8514a7af193953fcb9cc89526292c66971eb7c9459ff8
                                                                      • Opcode Fuzzy Hash: 2057401bada4da8a7bf89bb14568cd576d4e644a7a45f7016cda1baa0f7b2ac1
                                                                      • Instruction Fuzzy Hash: 8EF03061F08D8684EB204B97B94417566619F58FF4F5093F3D93E975F4DD2CD4604208
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      • Associated: 00000004.00000002.1931198241.00007FFE1A460000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931238448.00007FFE1A470000.00000002.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931258894.00007FFE1A477000.00000004.00000001.01000000.00000006.sdmp
                                                                      • Associated: 00000004.00000002.1931280068.00007FFE1A47B000.00000002.00000001.01000000.00000006.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_4_2_7ffe1a460000_X4KSeQkYJT.jbxd
                                                                      Similarity
                                                                      • API ID: AuditCharFromSys_Unicode_Wide
                                                                      • String ID: ctypes.wstring_at
                                                                      • API String ID: 614261396-2169766756
                                                                      • Opcode ID: b0524031cd05b6285eb1e601863089768cb7c50a35e5232dc8eaa982ccceec78
                                                                      • Instruction ID: b95f456d4d87776d2e177504d177d57137ad9e4a6e0848e492996fed2090a876
                                                                      • Opcode Fuzzy Hash: b0524031cd05b6285eb1e601863089768cb7c50a35e5232dc8eaa982ccceec78
                                                                      • Instruction Fuzzy Hash: 30F03011B1898291DE104BA7F9440B65221AF48FB4F5852B3D93EC75F4DE2CD5A48204
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931020549.00007FFE13331000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE13330000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Err_String
                                                                      • String ID: getsockaddrlen: bad family$getsockaddrlen: unknown BT protocol
                                                                      • API String ID: 1450464846-3381576205
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FromLong_Ssize_t
                                                                      • String ID: this type has no size
                                                                      • API String ID: 168540982-982649334
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: PrintableUnicode_
                                                                      • String ID: '$\
                                                                      • API String ID: 1291510985-1366717710
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FormatFromUnicode_
                                                                      • String ID: <Field type=%s, ofs=%zd, size=%zd>$<Field type=%s, ofs=%zd:%zd, bits=%zd>
                                                                      • API String ID: 3889672380-2914491812
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Err_$OccurredString
                                                                      • String ID: PyObject is NULL
                                                                      • API String ID: 114435612-3221357749
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Capsule_FreeMem_Pointer
                                                                      • String ID: _ctypes pymem
                                                                      • API String ID: 1268649101-201515578
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931215335.00007FFE1A461000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FFE1A460000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Capsule_FreeMem_Pointer
                                                                      • String ID: _ctypes/cfield.c pymem
                                                                      • API String ID: 1268649101-2578739719
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,00007FFE1A5065B9,?,?,?,?,00007FFE1A50FB22,?,?,?,?,?), ref: 00007FFE1A50674B
                                                                      • SetLastError.KERNEL32(?,?,?,00007FFE1A5065B9,?,?,?,?,00007FFE1A50FB22,?,?,?,?,?), ref: 00007FFE1A5067D4
                                                                      Memory Dump Source
                                                                      • Source File: 00000004.00000002.1931386064.00007FFE1A501000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFE1A500000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 1452528299-0