Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
AutoDox_Scraper.exe

Overview

General Information

Sample name:AutoDox_Scraper.exe
Analysis ID:1353679
MD5:9fb9817dbde58b64e92c19b3d73ddd08
SHA1:fd67f92d8887eb0222016a06e701e3323d64c472
SHA256:fefa41c8aaa06ff9b36170f032c1c4d400945e2f9ff77b7fe8cf4b3ae445dadc
Tags:AutodoxDiscordDoxbinexe
Infos:

Detection

Python Stealer, MicroClip
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected MicroClip
Machine Learning detection for sample
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • AutoDox_Scraper.exe (PID: 2364 cmdline: C:\Users\user\Desktop\AutoDox_Scraper.exe MD5: 9FB9817DBDE58B64E92C19B3D73DDD08)
    • AutoDox_Scraper.exe (PID: 5900 cmdline: C:\Users\user\Desktop\AutoDox_Scraper.exe MD5: 9FB9817DBDE58B64E92C19B3D73DDD08)
      • cmd.exe (PID: 6572 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      Process Memory Space: AutoDox_Scraper.exe PID: 5900JoeSecurity_GenericPythonStealerYara detected Generic Python StealerJoe Security
        Process Memory Space: AutoDox_Scraper.exe PID: 5900JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Process Memory Space: AutoDox_Scraper.exe PID: 5900JoeSecurity_MicroClipYara detected MicroClipJoe Security
            Click to see the 1 entries

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: AutoDox_Scraper.exeAvira: detected
            Antivirus detection for URL or domain
            Source: https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).pngzAvira URL Cloud: Label: malware
            Multi AV Scanner detection for submitted file
            Source: AutoDox_Scraper.exeReversingLabs: Detection: 47%
            Source: AutoDox_Scraper.exeVirustotal: Detection: 36%Perma Link
            Machine Learning detection for sample
            Source: AutoDox_Scraper.exeJoe Sandbox ML: detected
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\LICENSE.txtJump to behavior
            Source: AutoDox_Scraper.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: AutoDox_Scraper.exe, 00000000.00000003.1652293332.0000025C75525000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: AutoDox_Scraper.exe, 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmp, MSVCP140.dll.0.dr
            Source: Binary string: D:\_w\1\b\bin\amd64\sqlite3.pdb source: AutoDox_Scraper.exe, AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: AutoDox_Scraper.exe, 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmp, MSVCP140.dll.0.dr
            Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
            Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
            Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903037256.0000020AA1C80000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: AutoDox_Scraper.exe, 00000001.00000002.2910837813.00007FFDFB18E000.00000040.00000001.01000000.00000014.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: AutoDox_Scraper.exe, 00000000.00000003.1652127358.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: AutoDox_Scraper.exe, 00000000.00000003.1652127358.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
            Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: AutoDox_Scraper.exe, 00000001.00000002.2909503557.00007FFDFAD30000.00000040.00000001.01000000.0000001D.sdmp
            Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: AutoDox_Scraper.exe, 00000001.00000002.2910837813.00007FFDFB18E000.00000040.00000001.01000000.00000014.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: AutoDox_Scraper.exe, 00000000.00000003.1652293332.0000025C75525000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: AutoDox_Scraper.exe, 00000001.00000002.2910837813.00007FFDFB210000.00000040.00000001.01000000.00000014.sdmp
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086109B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6086109B4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608606714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085F7820 FindFirstFileExW,FindClose,0_2_00007FF6085F7820
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608606714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086109B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6086109B4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608606714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6085F7820 FindFirstFileExW,FindClose,1_2_00007FF6085F7820
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608606714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD4A260 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,1_2_00007FFDFAD4A260
            Source: unknownDNS traffic detected: query: paste.bingner.com replaycode: Name error (3)
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownDNS traffic detected: queries for: paste.bingner.com
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698635372.0000020AA4FB1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4FB1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: HTTPS://jo%40email.com:a%20secret
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903648545.0000020AA3D4D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907396141.0000020AA5F00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
            Source: AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1699143372.0000020AA4FD0000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696747305.0000020AA4FD6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4FD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:8080/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906667287.0000020AA5610000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://aka.ms/vcpython27
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906367690.0000020AA52B2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906422499.0000020AA530C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4120000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA524A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA5208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907396141.0000020AA5F00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue23606)
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656061150.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656061150.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907396141.0000020AA5F00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitations
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903648545.0000020AA3D4D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683730692.0000020AA41E1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1684717069.0000020AA41D6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1691421888.0000020AA43F3000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685641484.0000020AA41D6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1684045095.0000020AA41E1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686588875.0000020AA41D6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683249817.0000020AA41E4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683214921.0000020AA41D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
            Source: AutoDox_Scraper.exe, 00000001.00000003.1684717069.0000020AA41D6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685641484.0000020AA41D6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1684045095.0000020AA41E1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686588875.0000020AA41D6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683094994.0000020AA4243000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683094994.0000020AA41F2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683773870.0000020AA4243000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656061150.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656061150.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: _ctypes.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656061150.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4120000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA524A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906367690.0000020AA52B2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906422499.0000020AA530C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA524A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907499313.0000020AA600C000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907396141.0000020AA5F00000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA524A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA5208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906838410.0000020AA5810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906749691.0000020AA5710000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906749691.0000020AA5710000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906749691.0000020AA5710000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
            Source: AutoDox_Scraper.exe, 00000001.00000003.1688672766.0000020AA3E86000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1687516882.0000020AA3EA0000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1684649603.0000020AA3EB6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905145791.0000020AA4A10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904697594.0000020AA4520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/unittest.html
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904697594.0000020AA4520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/ActiveState/appdirs
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907098931.0000020AA5B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698440747.0000020AA4E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1699405453.0000020AA4DF1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906076200.0000020AA517A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4120000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906076200.0000020AA517A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907098931.0000020AA5B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656061150.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656061150.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903906085.0000020AA4020000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1682179511.0000020AA3EBD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903817603.0000020AA3F20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://rfc3986.readthedocs.io/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1691421888.0000020AA43F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/19622133/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907009857.0000020AA5A10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc3986#section-4.3
            Source: AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA425C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA425C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc3986#section-5
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906076200.0000020AA5162000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA5208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907499313.0000020AA6058000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907671337.0000020AA6100000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA524A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907293684.0000020AA5E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
            Source: AutoDox_Scraper.exe, 00000001.00000003.1696990243.0000020AA4DD9000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.EXAMPLE.org
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903906085.0000020AA4020000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1682402119.0000020AA3F0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
            Source: AutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA419A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA4142000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906422499.0000020AA530C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA5208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907396141.0000020AA5F00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906422499.0000020AA530C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)F
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656486507.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660193349.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1656061150.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4EC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
            Source: AutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA419A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1682179511.0000020AA3EBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
            Source: AutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA419A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA4142000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698635372.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xn--fiqs8s.icom.museum
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aliexpress.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aliexpress.com)z&
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://amazon.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://amazon.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4E63000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698440747.0000020AA4E54000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://binance.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://binance.com)z
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://blog.jaraco.com/skeleton
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906838410.0000020AA5810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://brotlipy.readthedocs.io/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903648545.0000020AA3D4D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1682179511.0000020AA3DBC000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1687516882.0000020AA3D81000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1688672766.0000020AA3D81000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1680497948.0000020AA3E1B000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1680334307.0000020AA3EC3000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1681006631.0000020AA3DA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue42195.
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903574878.0000020AA3C20000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905145791.0000020AA4A10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://click.palletsprojects.com/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907098931.0000020AA5B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://codecov.io/gh/pypa/setuptools
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coinbase.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://coinbase.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crunchyroll.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crunchyroll.com)z
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
            Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906838410.0000020AA5810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903648545.0000020AA3D4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907499313.0000020AA600C000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1070423065340682260/NSkqqD4pRualsdsgtHRwyHudxAE-8lFPYrQ71eUDlu1RJcO
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://discord.com/channels/803025117553754132/815945031150993468
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://disney.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://disney.com)z$
            Source: AutoDox_Scraper.exe, 00000001.00000003.1686588875.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683832185.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1684717069.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685641484.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
            Source: AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA425C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686588875.0000020AA428D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685641484.0000020AA428D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42B8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686341416.0000020AA428E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA425C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/pprint.html
            Source: AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA425C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686588875.0000020AA428D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685641484.0000020AA428D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42B8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686341416.0000020AA428E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA425C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
            Source: AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42B8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904697594.0000020AA4520000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686341416.0000020AA428E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA425C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903906085.0000020AA4020000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42FE000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907293684.0000020AA5E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ebay.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ebay.com)z$
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://epicgames.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://epicgames.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://example.org
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://expressvpn.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://expressvpn.com)r
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698635372.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/XVilka/8346728
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904792759.0000020AA4620000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905331455.0000020AA4C10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4E63000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696157117.0000020AA4E73000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698440747.0000020AA4E54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KSCHdsc
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KSCHdsc)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KSCHdscz
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906076200.0000020AA517A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903480517.0000020AA3A20000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903060201.0000020AA1D35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698512509.0000020AA5173000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906838410.0000020AA5810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/brotli
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903906085.0000020AA4020000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906582226.0000020AA5510000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
            Source: AutoDox_Scraper.exe, 00000000.00000003.1662737741.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1662893852.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1662737741.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660880810.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1660672002.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661966431.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1655065171.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1655065171.0000025C75532000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1662201849.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1661828253.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1662479092.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, win32api.pyd.0.dr, win32trace.pyd.0.dr, win32ui.pyd.0.drString found in binary or memory: https://github.com/mhammond/pywin32
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/psf/black
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
            Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
            Source: AutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904792759.0000020AA4620000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pypa/setuptools
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pypa/setuptools/discussions
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pypa/setuptools/issues
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903574878.0000020AA3C20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905145791.0000020AA4A10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pypa/setuptools/workflows/tests/badge.svg
            Source: AutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/wheel
            Source: AutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/wheel/issues
            Source: AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA4468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907671337.0000020AA6100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-pillow/Pillow/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903197755.0000020AA36A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903060201.0000020AA1D35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903480517.0000020AA3A20000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903060201.0000020AA1D35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903480517.0000020AA3A20000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903060201.0000020AA1D35000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903648545.0000020AA3D4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/497
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gmail.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gmail.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hbo.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hbo.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hotmail.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hotmail.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906076200.0000020AA517A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907396141.0000020AA5F00000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpstatuses.com/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/badge/code%20style-black-000000.svg
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2022-informational
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/discord/803025117553754132
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/setuptools.svg
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/pypi/v/setuptools.svg
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/readthedocs/setuptools/latest.svg
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904697594.0000020AA4520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://instagram.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://instagram.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698635372.0000020AA4FB1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4FB1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jo%40email.com:a%20secret
            Source: AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA4468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
            Source: AutoDox_Scraper.exe, 00000001.00000003.1696747305.0000020AA4F72000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://minecraft.net)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://netflix.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://netflix.com)g
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://origin.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://origin.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698635372.0000020AA4FB1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4FB1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://other.com
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://outlook.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://outlook.com)z&
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA4468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://packaging.python.org/installing/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905145791.0000020AA4A10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://paste.bingner.com/paste/fhvyp/raw
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paste.bingner.com/paste/fhvyp/rawz
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://paypal.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://paypal.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903906085.0000020AA4020000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://playstation.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://playstation.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pornhub.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pornhub.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907098931.0000020AA5B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://pypi.org/project/setuptools
            Source: AutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/setuptools/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907499313.0000020AA6080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).pngz
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/KSCHdsc/BlackCap-Inject/main/index.js
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/KSCHdsc/DestruCord-Inject/main/blackcap.gif
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://raw.githubusercontent.com/pypa/setuptools/main/docs/images/banner-640x320.svg
            Source: AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904792759.0000020AA4620000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905331455.0000020AA4C10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907396141.0000020AA5F00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://roblox.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://roblox.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sellix.io)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sellix.io)z
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://setuptools.pypa.io
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://setuptools.pypa.io/
            Source: AutoDox_Scraper.exe, 00000001.00000003.1679146942.0000020AA3E0F000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903648545.0000020AA3D4D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1687516882.0000020AA3DA2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1682179511.0000020AA3DBC000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1679772509.0000020AA3DBC000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1679035054.0000020AA3E08000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1680497948.0000020AA3DBC000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1688672766.0000020AA3DA2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1681006631.0000020AA3DA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1691277595.0000020AA443C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://setuptools.pypa.io/en/stable/history.html
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://spotify.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spotify.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907009857.0000020AA5A10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/1838699
            Source: AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA425C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42FE000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686588875.0000020AA428D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685641484.0000020AA428D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42B8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1686341416.0000020AA428E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA425C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
            Source: AutoDox_Scraper.exe, 00000001.00000003.1698512509.0000020AA5173000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steam.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://telegram.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://telegram.com)z
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/badges/github/pypa/setuptools?style=flat
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/security
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
            Source: AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4E63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906367690.0000020AA52B2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906422499.0000020AA530C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906224057.0000020AA5208000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA4468000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-5.3
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh/r
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitch.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitch.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906076200.0000020AA517A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uber.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uber.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903906085.0000020AA4020000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyS
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907098931.0000020AA5B10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
            Source: AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4120000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
            Source: AutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wheel.readthedocs.io/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
            Source: AutoDox_Scraper.exe, 00000001.00000003.1684649603.0000020AA3EB6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903480517.0000020AA3A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
            Source: AutoDox_Scraper.exe, 00000000.00000003.1664723451.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1664854524.0000025C75533000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1664723451.0000025C75533000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1664723451.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/maps/search/google
            Source: AutoDox_Scraper.exe, 00000001.00000002.2906422499.0000020AA530C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2911832290.00007FFDFB294000.00000004.00000001.01000000.00000014.sdmpString found in binary or memory: https://www.openssl.org/H
            Source: AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
            Source: AutoDox_Scraper.exe, 00000001.00000003.1696747305.0000020AA4F72000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698635372.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
            Source: AutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
            Source: AutoDox_Scraper.exe, 00000001.00000003.1672384100.0000020AA3A54000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1672172162.0000020AA3A2D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1672429985.0000020AA3A47000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1672429985.0000020AA3A2D000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1672521421.0000020AA3A54000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1672172162.0000020AA3A47000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903197755.0000020AA3620000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xbox.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com)z
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youtube.com)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com)z

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: Process Memory Space: AutoDox_Scraper.exe PID: 5900, type: MEMORYSTRMatched rule: Windows_Trojan_Jupyter_56152e31 Author: unknown
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608615D6C0_2_00007FF608615D6C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608614E200_2_00007FF608614E20
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085F67800_2_00007FF6085F6780
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086009A00_2_00007FF6086009A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086109B40_2_00007FF6086109B4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF60860FA080_2_00007FF60860FA08
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086011C00_2_00007FF6086011C0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086131CC0_2_00007FF6086131CC
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608600BA40_2_00007FF608600BA4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608608BA00_2_00007FF608608BA0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085F1B900_2_00007FF6085F1B90
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608618B680_2_00007FF608618B68
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608602C040_2_00007FF608602C04
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF60860CC040_2_00007FF60860CC04
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086013C40_2_00007FF6086013C4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608612D300_2_00007FF608612D30
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608600DB00_2_00007FF608600DB0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086065600_2_00007FF608606560
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF60860FA080_2_00007FF60860FA08
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608601E700_2_00007FF608601E70
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF60860D7180_2_00007FF60860D718
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086067140_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608606F980_2_00007FF608606F98
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608600FB40_2_00007FF608600FB4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608604F500_2_00007FF608604F50
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086158200_2_00007FF608615820
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086028000_2_00007FF608602800
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085F80A00_2_00007FF6085F80A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF60860D0980_2_00007FF60860D098
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF60861509C0_2_00007FF60861509C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086067140_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6085F1B901_2_00007FF6085F1B90
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608615D6C1_2_00007FF608615D6C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086009A01_2_00007FF6086009A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086109B41_2_00007FF6086109B4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF60860FA081_2_00007FF60860FA08
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086011C01_2_00007FF6086011C0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086131CC1_2_00007FF6086131CC
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608600BA41_2_00007FF608600BA4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608608BA01_2_00007FF608608BA0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608618B681_2_00007FF608618B68
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608602C041_2_00007FF608602C04
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF60860CC041_2_00007FF60860CC04
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086013C41_2_00007FF6086013C4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608612D301_2_00007FF608612D30
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608600DB01_2_00007FF608600DB0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086065601_2_00007FF608606560
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF60860FA081_2_00007FF60860FA08
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608614E201_2_00007FF608614E20
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608601E701_2_00007FF608601E70
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF60860D7181_2_00007FF60860D718
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086067141_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608606F981_2_00007FF608606F98
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608600FB41_2_00007FF608600FB4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6085F67801_2_00007FF6085F6780
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608604F501_2_00007FF608604F50
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086158201_2_00007FF608615820
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086028001_2_00007FF608602800
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6085F80A01_2_00007FF6085F80A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF60860D0981_2_00007FF60860D098
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF60861509C1_2_00007FF60861509C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086067141_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC1E1A01_2_00007FFDFAC1E1A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC218A01_2_00007FFDFAC218A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD71AEC1_2_00007FFDFAD71AEC
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD5B2F01_2_00007FFDFAD5B2F0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD4FAC01_2_00007FFDFAD4FAC0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD65A901_2_00007FFDFAD65A90
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD6B4101_2_00007FFDFAD6B410
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD4B3D81_2_00007FFDFAD4B3D8
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD801561_2_00007FFDFAD80156
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD6113C1_2_00007FFDFAD6113C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD669181_2_00007FFDFAD66918
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD768F01_2_00007FFDFAD768F0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD7A0B81_2_00007FFDFAD7A0B8
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD7C8601_2_00007FFDFAD7C860
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD608701_2_00007FFDFAD60870
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD56A001_2_00007FFDFAD56A00
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD6C9D01_2_00007FFDFAD6C9D0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD671AC1_2_00007FFDFAD671AC
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD561641_2_00007FFDFAD56164
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD7C1681_2_00007FFDFAD7C168
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD6A9701_2_00007FFDFAD6A970
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD4E9701_2_00007FFDFAD4E970
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD74F401_2_00007FFDFAD74F40
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD4C7501_2_00007FFDFAD4C750
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD7370C1_2_00007FFDFAD7370C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD757101_2_00007FFDFAD75710
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD566CC1_2_00007FFDFAD566CC
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD4D8501_2_00007FFDFAD4D850
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD777E01_2_00007FFDFAD777E0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD627E81_2_00007FFDFAD627E8
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD5FFF01_2_00007FFDFAD5FFF0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD5E7901_2_00007FFDFAD5E790
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD56D5C1_2_00007FFDFAD56D5C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD524801_2_00007FFDFAD52480
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD5C4601_2_00007FFDFAD5C460
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD64DE01_2_00007FFDFAD64DE0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD5D5D01_2_00007FFDFAD5D5D0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD7AD8C1_2_00007FFDFAD7AD8C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE77B501_2_00007FFDFAE77B50
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADE4B201_2_00007FFDFADE4B20
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE2FAE01_2_00007FFDFAE2FAE0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE3EAA01_2_00007FFDFAE3EAA0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADEFAB01_2_00007FFDFADEFAB0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE55A801_2_00007FFDFAE55A80
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADF6C401_2_00007FFDFADF6C40
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADEAC001_2_00007FFDFADEAC00
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE6FB701_2_00007FFDFAE6FB70
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE178D01_2_00007FFDFAE178D0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADE18D01_2_00007FFDFADE18D0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE1C8801_2_00007FFDFAE1C880
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE1BA501_2_00007FFDFAE1BA50
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE54A401_2_00007FFDFAE54A40
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADD3A501_2_00007FFDFADD3A50
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE7AA301_2_00007FFDFAE7AA30
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE119F01_2_00007FFDFAE119F0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE479D01_2_00007FFDFAE479D0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE469C01_2_00007FFDFAE469C0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE3B9B01_2_00007FFDFAE3B9B0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE2D9A01_2_00007FFDFAE2D9A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE7FF501_2_00007FFDFAE7FF50
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADD3F101_2_00007FFDFADD3F10
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE6FEF01_2_00007FFDFAE6FEF0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE4EEC01_2_00007FFDFAE4EEC0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE1AE901_2_00007FFDFAE1AE90
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADE7E901_2_00007FFDFADE7E90
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE6E0101_2_00007FFDFAE6E010
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADD2FB41_2_00007FFDFADD2FB4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE27D301_2_00007FFDFAE27D30
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE72D101_2_00007FFDFAE72D10
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADFACF01_2_00007FFDFADFACF0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAE73CD01_2_00007FFDFAE73CD0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: String function: 00007FF6085F2770 appears 82 times
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: String function: 00007FFDFADD9090 appears 60 times
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: String function: 00007FFDFADD8450 appears 45 times
            Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: win32ui.pyd.0.drStatic PE information: Resource name: RT_CURSOR type: 64-bit XCOFF executable or object module
            Source: win32ui.pyd.0.drStatic PE information: Resource name: None type: COM executable for DOS
            Source: python3.dll.0.drStatic PE information: No import functions for PE file found
            Source: AutoDox_Scraper.exe, 00000000.00000003.1662737741.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1659812637.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1653836624.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1650957507.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dllT vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1662893852.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1654688239.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1654802435.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1661311044.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1662737741.0000025C75532000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1656651004.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1652127358.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1661616394.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1660880810.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes311.dll0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1660672002.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom311.dll0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1654922750.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1661966431.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshell.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1654306827.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1653050111.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1661008432.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1654426427.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1655065171.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1653394133.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_elementtree.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1653199994.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1655065171.0000025C75532000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1662201849.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32crypt.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1652293332.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1654015262.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1653676854.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1661828253.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1654556911.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1652767879.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1662479092.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32gui.pyd0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000000.00000003.1652452190.0000025C75525000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exeBinary or memory string: OriginalFilename vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000001.00000002.2909852280.00007FFDFAD3B000.00000004.00000001.01000000.0000001D.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000001.00000002.2911832290.00007FFDFB294000.00000004.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000001.00000002.2903037256.0000020AA1C80000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs AutoDox_Scraper.exe
            Source: AutoDox_Scraper.exe, 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: OriginalFilenamemsvcp140.dllT vs AutoDox_Scraper.exe
            Source: Process Memory Space: AutoDox_Scraper.exe PID: 5900, type: MEMORYSTRMatched rule: Windows_Trojan_Jupyter_56152e31 reference_sample = ce486097ad2491aba8b1c120f6d0aa23eaf59cf698b57d2113faab696d03c601, os = windows, severity = x86, creation_date = 2021-07-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Jupyter, fingerprint = 9cccc2e3d4cfe9ff090d02b143fa837f4da0c229426435b4e097f902e8c5fb01, id = 56152e31-77c6-49fa-bbc5-c3630f11e633, last_modified = 2021-08-23
            Source: libcrypto-1_1.dll.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9987754672181373
            Source: libssl-1_1.dll.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9903915229885057
            Source: python311.dll.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9991954839341692
            Source: pythoncom311.dll.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9892076567220544
            Source: sqlite3.dll.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9975380917952014
            Source: _ec_ws.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9978176497186495
            Source: _imaging.cp311-win_amd64.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9979985834478022
            Source: _webp.cp311-win_amd64.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.991678192284689
            Source: _brotli.cp311-win_amd64.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9940745418233082
            Source: _openssl.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9989500035072951
            Source: _rust.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9958863384955752
            Source: unicodedata.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.994346768783542
            Source: shell.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9908831870719178
            Source: win32ui.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9937741537846482
            Source: classification engineClassification label: mal88.troj.winEXE@6/113@1/0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085F74B0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF6085F74B0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD4A6F0 GetDiskFreeSpaceExW,_invalid_parameter_noinfo_noreturn,1_2_00007FFDFAD4A6F0
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7024:120:WilError_03
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642Jump to behavior
            Source: AutoDox_Scraper.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA633C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT action_url, username_value, password_value FROM logins;
            Source: AutoDox_Scraper.exe, AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: AutoDox_Scraper.exe, AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: AutoDox_Scraper.exe, AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: AutoDox_Scraper.exe, AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
            Source: AutoDox_Scraper.exe, AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: AutoDox_Scraper.exe, AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
            Source: AutoDox_Scraper.exeReversingLabs: Detection: 47%
            Source: AutoDox_Scraper.exeVirustotal: Detection: 36%
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile read: C:\Users\user\Desktop\AutoDox_Scraper.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\AutoDox_Scraper.exe C:\Users\user\Desktop\AutoDox_Scraper.exe
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess created: C:\Users\user\Desktop\AutoDox_Scraper.exe C:\Users\user\Desktop\AutoDox_Scraper.exe
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess created: C:\Users\user\Desktop\AutoDox_Scraper.exe C:\Users\user\Desktop\AutoDox_Scraper.exeJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
            Source: AutoDox_Scraper.exeStatic PE information: Image base 0x140000000 > 0x60000000
            Source: AutoDox_Scraper.exeStatic file information: File size 22072739 > 1048576
            Source: AutoDox_Scraper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: AutoDox_Scraper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: AutoDox_Scraper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: AutoDox_Scraper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: AutoDox_Scraper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: AutoDox_Scraper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: AutoDox_Scraper.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: AutoDox_Scraper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: AutoDox_Scraper.exe, 00000000.00000003.1652293332.0000025C75525000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: AutoDox_Scraper.exe, 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmp, MSVCP140.dll.0.dr
            Source: Binary string: D:\_w\1\b\bin\amd64\sqlite3.pdb source: AutoDox_Scraper.exe, AutoDox_Scraper.exe, 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdbGCTL source: AutoDox_Scraper.exe, 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmp, MSVCP140.dll.0.dr
            Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
            Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
            Source: Binary string: D:\_w\1\b\bin\amd64\python3.pdb source: AutoDox_Scraper.exe, 00000000.00000003.1659959071.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903037256.0000020AA1C80000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: AutoDox_Scraper.exe, 00000001.00000002.2910837813.00007FFDFB18E000.00000040.00000001.01000000.00000014.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: AutoDox_Scraper.exe, 00000000.00000003.1652127358.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: AutoDox_Scraper.exe, 00000000.00000003.1652127358.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, VCRUNTIME140.dll.0.dr
            Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: AutoDox_Scraper.exe, 00000001.00000002.2909503557.00007FFDFAD30000.00000040.00000001.01000000.0000001D.sdmp
            Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1q 5 Jul 2022built on: Thu Aug 18 20:15:42 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: AutoDox_Scraper.exe, 00000001.00000002.2910837813.00007FFDFB18E000.00000040.00000001.01000000.00000014.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: AutoDox_Scraper.exe, 00000000.00000003.1652293332.0000025C75525000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: AutoDox_Scraper.exe, 00000001.00000002.2910837813.00007FFDFB210000.00000040.00000001.01000000.00000014.sdmp
            Source: AutoDox_Scraper.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: AutoDox_Scraper.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: AutoDox_Scraper.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: AutoDox_Scraper.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: AutoDox_Scraper.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: MSVCP140.dll.0.drStatic PE information: 0xD1597DCD [Sat Apr 19 15:44:13 2081 UTC]
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC1E1A0 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,1_2_00007FFDFAC1E1A0
            Source: AutoDox_Scraper.exeStatic PE information: section name: _RDATA
            Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
            Source: libffi-8.dll.0.drStatic PE information: section name: UPX2
            Source: mfc140u.dll.0.drStatic PE information: section name: .didat
            Source: _rust.pyd.0.drStatic PE information: section name: UPX2
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086410E4 push rcx; retn 0000h0_2_00007FF6086410ED
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086410CC push rbp; retn 0000h0_2_00007FF6086410CD
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086410E4 push rcx; retn 0000h1_2_00007FF6086410ED
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086410CC push rbp; retn 0000h1_2_00007FF6086410CD
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFA9D4F44 push 6FFDC5CAh; ret 1_2_00007FFDFA9D4F4A
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFA9D4A94 push 6FFDC5D5h; iretd 1_2_00007FFDFA9D4A9A
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFA9D7679 push 6FFDC5D5h; iretd 1_2_00007FFDFA9D767F
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFA9D4F90 push 6FFDC5C3h; iretd 1_2_00007FFDFA9D4F96
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFA9D73CB push 60F5C5F1h; iretd 1_2_00007FFDFA9D73D3
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFA9D7929 push 6FFDC5CAh; ret 1_2_00007FFDFA9D792F
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFA9D45E6 push 60F5C5F1h; iretd 1_2_00007FFDFA9D45EE
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFA9D7975 push 6FFDC5C3h; iretd 1_2_00007FFDFA9D797B
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC28F28 push rsp; iretq 1_2_00007FFDFAC28F29
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC27F53 push rbp; iretq 1_2_00007FFDFAC27F54
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25F56 push r12; ret 1_2_00007FFDFAC25F6E
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25EFA push r12; ret 1_2_00007FFDFAC25F07
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25CE0 push r10; retf 1_2_00007FFDFAC25CE2
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25CE5 push r8; ret 1_2_00007FFDFAC25CEB
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC2930D push rsp; ret 1_2_00007FFDFAC2930E
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25CFE push rdx; ret 1_2_00007FFDFAC25D01
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25D06 push r12; ret 1_2_00007FFDFAC25D08
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25EAD push rsp; iretd 1_2_00007FFDFAC25EAE
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25EBC push rsi; ret 1_2_00007FFDFAC25EBD
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC282C4 push rdi; iretd 1_2_00007FFDFAC282C6
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC28077 push r12; iretd 1_2_00007FFDFAC2808B
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC2767B push r12; ret 1_2_00007FFDFAC276BF
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC2685F push rsi; ret 1_2_00007FFDFAC26896
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC27630 push rbp; retf 1_2_00007FFDFAC27649
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25C31 push r10; ret 1_2_00007FFDFAC25C33
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25E58 push rdi; iretd 1_2_00007FFDFAC25E5A
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC25DF7 push r10; retf 1_2_00007FFDFAC25DFA
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: initial sampleStatic PE information: section name: UPX0
            Source: initial sampleStatic PE information: section name: UPX1
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\VCRUNTIME140.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_overlapped.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\psutil\_psutil_windows.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_win32sysloader.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_chacha20.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ed25519.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_webp.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_des.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_bz2.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\MSVCP140.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\libssl-1_1.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Util\_strxor.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\win32trace.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA1.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_BLAKE2b.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_asyncio.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_BLAKE2s.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\win32api.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA256.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_keccak.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_cffi_backend.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\win32crypt.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings\_rust.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\sqlite3.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_ARC4.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ecb.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\libffi-8.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Math\_modexp.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_aes.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\unicodedata.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Protocol\_scrypt.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ec_ws.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ocb.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\python3.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\win32com\shell\shell.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA224.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\win32gui.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ofb.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cast.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\mfc140u.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_multiprocessing.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_aesni.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_queue.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_arc2.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_ghash_clmul.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_RIPEMD160.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_elementtree.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD2.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_lzma.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\markupsafe\_speedups.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cbc.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_sqlite3.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA512.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Util\_cpuid_c.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_des3.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\libcrypto-1_1.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\python311.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD4.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA384.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_decimal.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\select.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\VCRUNTIME140_1.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_Salsa20.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_ctypes.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\win32ui.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD5.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\pyexpat.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_socket.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_ssl.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cfb.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32\pywintypes311.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_brotli.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_x25519.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32\pythoncom311.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_hashlib.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\_uuid.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ctr.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_ghash_portable.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_poly1305.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ed448.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\LICENSE.txtJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085F3DF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6085F3DF0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\_win32sysloader.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\_elementtree.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_chacha20.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ed25519.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\markupsafe\_speedups.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD2.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_webp.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_des.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA512.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\win32trace.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_des3.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_BLAKE2b.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\_decimal.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD4.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA384.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_keccak.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings\_rust.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\win32ui.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_ARC4.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Math\_modexp.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings\_openssl.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ec_ws.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_x25519.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\python3.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\win32com\shell\shell.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA224.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\_uuid.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cast.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\mfc140u.dllJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\_multiprocessing.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_arc2.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_poly1305.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_RIPEMD160.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ed448.pydJump to dropped file
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeAPI coverage: 4.4 %
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086109B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6086109B4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608606714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085F7820 FindFirstFileExW,FindClose,0_2_00007FF6085F7820
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608606714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6086109B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6086109B4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608606714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6085F7820 FindFirstFileExW,FindClose,1_2_00007FF6085F7820
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608606714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF608606714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD4A260 FindFirstFileExW,FindClose,wcscpy_s,_invalid_parameter_noinfo_noreturn,1_2_00007FFDFAD4A260
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFADDF490 GetSystemInfo,1_2_00007FFDFADDF490
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware)
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6340000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxtray
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vboxservice
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6340000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: qemu-ga
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmwareuser
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6340000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmusrvc
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmsrvc
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmtoolsd
            Source: AutoDox_Scraper.exe, 00000001.00000003.1686588875.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683832185.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1684717069.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685641484.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllwwx
            Source: AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmwaretray
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMwarent
            Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608609AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF608609AE4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC1E1A0 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,1_2_00007FFDFAC1E1A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086125A0 GetProcessHeap,0_2_00007FF6086125A0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608609AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF608609AE4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085FAE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6085FAE00
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085FB69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6085FB69C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085FB880 SetUnhandledExceptionFilter,0_2_00007FF6085FB880
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF608609AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF608609AE4
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6085FAE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF6085FAE00
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6085FB69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6085FB69C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FF6085FB880 SetUnhandledExceptionFilter,1_2_00007FF6085FB880
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAC23058 IsProcessorFeaturePresent,00007FFE1A4519C0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FFE1A4519C0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFAC23058
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 1_2_00007FFDFAD93714 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFAD93714
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess created: C:\Users\user\Desktop\AutoDox_Scraper.exe C:\Users\user\Desktop\AutoDox_Scraper.exeJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
            Source: AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: DOF_PROGMAN
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6086189B0 cpuid 0_2_00007FF6086189B0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: GetLocaleInfoEx,FormatMessageA,1_2_00007FFDFAD5290C
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: ___lc_locale_name_func,GetLocaleInfoEx,1_2_00007FFDFAD6F7C0
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Util VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\PIL VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\certifi VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\_ctypes.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\_bz2.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\_lzma.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pyexpat.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\_socket.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\select.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\_queue.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32\pywintypes311.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32\pythoncom311.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\win32api.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\win32com VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\win32com VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\win32com VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmpkni30s81 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI23642 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeQueries volume information: C:\Users\user\Desktop\AutoDox_Scraper.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF6085FB580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6085FB580
            Source: C:\Users\user\Desktop\AutoDox_Scraper.exeCode function: 0_2_00007FF608614E20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF608614E20

            Stealing of Sensitive Information

            barindex
            Yara detected MicroClip
            Source: Yara matchFile source: Process Memory Space: AutoDox_Scraper.exe PID: 5900, type: MEMORYSTR
            Yara detected Generic Python Stealer
            Source: Yara matchFile source: Process Memory Space: AutoDox_Scraper.exe PID: 5900, type: MEMORYSTR
            Source: Yara matchFile source: 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: AutoDox_Scraper.exe PID: 5900, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected MicroClip
            Source: Yara matchFile source: Process Memory Space: AutoDox_Scraper.exe PID: 5900, type: MEMORYSTR
            Yara detected Generic Python Stealer
            Source: Yara matchFile source: Process Memory Space: AutoDox_Scraper.exe PID: 5900, type: MEMORYSTR

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
            Valid Accounts1
            Native API            		Path Interception12
            Process Injection            		12
            Process Injection            		OS Credential Dumping2
            System Time Discovery            		Remote Services1
            Archive Collected Data            		Exfiltration Over Other Network Medium1
            Encrypted Channel            		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationAbuse Accessibility FeaturesAcquire InfrastructureGather Victim Identity Information
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
            Deobfuscate/Decode Files or Information            		LSASS Memory21
            Security Software Discovery            		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
            Non-Application Layer Protocol            		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
            Domain AccountsAtLogon Script (Windows)Logon Script (Windows)21
            Obfuscated Files or Information            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
            Application Layer Protocol            		Data Encrypted for ImpactDNS ServerEmail Addresses
            Local AccountsCronLogin HookLogin Hook11
            Software Packing            		NTDS1
            File and Directory Discovery            		Distributed Component Object ModelInput CaptureTraffic DuplicationProtocol ImpersonationData DestructionVirtual Private ServerEmployee Names
            Cloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Timestomp            		LSA Secrets35
            System Information Discovery            		SSHKeyloggingScheduled TransferFallback ChannelsData Encrypted for ImpactServerGather Victim Network Information

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            AutoDox_Scraper.exe48%ReversingLabsWin64.Trojan.Generic
            AutoDox_Scraper.exe36%VirustotalBrowse
            AutoDox_Scraper.exe100%AviraTR/PSW.Agent.bgfqf
            AutoDox_Scraper.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_ARC4.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_Salsa20.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_chacha20.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_pkcs1_decode.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_aes.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_aesni.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_arc2.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_blowfish.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cast.pyd4%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cbc.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cfb.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ctr.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_des.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_des3.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ecb.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_eksblowfish.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ocb.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ofb.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_BLAKE2b.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_BLAKE2s.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD2.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD4.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD5.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_RIPEMD160.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA1.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA224.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA256.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA384.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA512.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_ghash_clmul.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_ghash_portable.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_keccak.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_poly1305.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Math\_modexp.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Protocol\_scrypt.pyd4%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ec_ws.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ed25519.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ed448.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_x25519.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Util\_cpuid_c.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Util\_strxor.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\MSVCP140.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imaging.cp311-win_amd64.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imagingcms.cp311-win_amd64.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imagingtk.cp311-win_amd64.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_webp.cp311-win_amd64.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\VCRUNTIME140.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\VCRUNTIME140_1.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_asyncio.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_brotli.cp311-win_amd64.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_bz2.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_cffi_backend.cp311-win_amd64.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_ctypes.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_decimal.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_elementtree.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_hashlib.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_lzma.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_multiprocessing.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_overlapped.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_queue.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_socket.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_sqlite3.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_ssl.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_uuid.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\_win32sysloader.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings\_openssl.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings\_rust.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\libcrypto-1_1.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\libffi-8.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\libssl-1_1.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\markupsafe\_speedups.cp311-win_amd64.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\mfc140u.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\psutil\_psutil_windows.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\pyexpat.pyd0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\python3.dll0%ReversingLabs
            C:\Users\user\AppData\Local\Temp\_MEI23642\python311.dll0%ReversingLabs

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            paste.bingner.com3%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            https://tiktok.com)0%Avira URL Cloudsafe
            https://coinbase.com)0%Avira URL Cloudsafe
            https://discord.com)0%Avira URL Cloudsafe
            https://ebay.com)z$0%Avira URL Cloudsafe
            https://discord.com)z0%Avira URL Cloudsafe
            https://paypal.com)0%Avira URL Cloudsafe
            https://discord.com/api/v9/users/0%Avira URL Cloudsafe
            https://xbox.com)0%Avira URL Cloudsafe
            https://youtube.com)0%Avira URL Cloudsafe
            https://blog.jaraco.com/skeleton0%Avira URL Cloudsafe
            https://twitch.com)z0%Avira URL Cloudsafe
            https://crunchyroll.com)0%Avira URL Cloudsafe
            https://gmail.com)z0%Avira URL Cloudsafe
            https://discord.com/api/v9/users/0%VirustotalBrowse
            https://paypal.com)z0%Avira URL Cloudsafe
            https://blog.jaraco.com/skeleton0%VirustotalBrowse
            https://coinbase.com)z0%Avira URL Cloudsafe
            https://ebay.com)0%Avira URL Cloudsafe
            https://roblox.com)z0%Avira URL Cloudsafe
            https://hbo.com)z0%Avira URL Cloudsafe
            http://www.cl.cam.ac.uk/~mgk25/iso-time.html0%Avira URL Cloudsafe
            https://binance.com)z0%Avira URL Cloudsafe
            https://playstation.com)0%Avira URL Cloudsafe
            https://sellix.io)0%Avira URL Cloudsafe
            https://telegram.com)z0%Avira URL Cloudsafe
            http://www.cl.cam.ac.uk/~mgk25/iso-time.html0%VirustotalBrowse
            https://pornhub.com)z0%Avira URL Cloudsafe
            https://mahler:8092/site-updates.py0%Avira URL Cloudsafe
            https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).pngz100%Avira URL Cloudmalware
            https://netflix.com)0%Avira URL Cloudsafe
            https://gmail.com)0%Avira URL Cloudsafe
            https://outlook.com)0%Avira URL Cloudsafe
            https://w3c.github.io/html/sec-forms.html#multipart-form-data0%Avira URL Cloudsafe
            https://binance.com)0%Avira URL Cloudsafe
            https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).pngz3%VirustotalBrowse
            https://epicgames.com)z0%Avira URL Cloudsafe
            https://youtube.com)z0%Avira URL Cloudsafe
            https://w3c.github.io/html/sec-forms.html#multipart-form-data0%VirustotalBrowse
            https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png0%Avira URL Cloudsafe
            https://spotify.com)0%Avira URL Cloudsafe
            https://spotify.com)z0%Avira URL Cloudsafe
            HTTPS://jo%40email.com:a%20secret0%Avira URL Cloudsafe
            https://yahoo.com)z0%Avira URL Cloudsafe
            https://steam.com)0%Avira URL Cloudsafe
            https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).png2%VirustotalBrowse

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            paste.bingner.com
            		unknown
            		unknowntrueunknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.dabeaz.com/ply)FAutoDox_Scraper.exe, 00000001.00000002.2906422499.0000020AA530C000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://github.com/giampaolo/psutil/issues/875.AutoDox_Scraper.exe, 00000001.00000003.1698512509.0000020AA5173000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpfalse
                		high
                https://cloud.google.com/appengine/docs/standard/runtimesAutoDox_Scraper.exe, 00000001.00000002.2907098931.0000020AA5B10000.00000004.00001000.00020000.00000000.sdmpfalse
                  		high
                  https://coinbase.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		low
                  https://img.shields.io/pypi/pyversions/setuptools.svgAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                    		high
                    https://discord.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    https://img.shields.io/pypi/v/setuptools.svgAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                      		high
                      https://tiktok.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      https://stackoverflow.com/questions/1838699AutoDox_Scraper.exe, 00000001.00000002.2907009857.0000020AA5A10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmpfalse
                        		high
                        https://ebay.com)z$AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://docs.python.org/library/unittest.htmlAutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://discord.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		low
                          https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#AutoDox_Scraper.exe, 00000001.00000002.2903480517.0000020AA3A20000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903060201.0000020AA1D35000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://wheel.readthedocs.io/en/stable/news.htmlAutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://www.apache.org/licenses/LICENSE-2.0AutoDox_Scraper.exe, 00000000.00000003.1664854524.0000025C75533000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1664723451.0000025C75533000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1664723451.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                		high
                                https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64AutoDox_Scraper.exe, 00000001.00000003.1686588875.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1683832185.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1684717069.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685641484.0000020AA41B1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=whiteAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                    		high
                                    https://paypal.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    https://github.com/pypa/packagingAutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904792759.0000020AA4620000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      https://refspecs.linuxfoundation.org/elf/gabi4AutoDox_Scraper.exe, 00000001.00000002.2904792759.0000020AA4620000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905331455.0000020AA4C10000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://pypi.org/project/setuptoolsAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                          		high
                                          https://github.com/pypa/setuptools/workflows/tests/badge.svgAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                            		high
                                            https://tools.ietf.org/html/rfc7230#section-3.2.2AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              https://discord.com/api/v9/users/AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://ipinfo.io/jsonAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://xbox.com)AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		low
                                                https://youtube.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		low
                                                https://blog.jaraco.com/skeletonAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://twitch.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		low
                                                http://goo.gl/zeJZlAutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2907098931.0000020AA5B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698440747.0000020AA4E54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://tools.ietf.org/html/rfc3610AutoDox_Scraper.exe, 00000001.00000002.2906367690.0000020AA52B2000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://curl.haxx.se/rfc/cookie_spec.htmlAutoDox_Scraper.exe, 00000001.00000002.2906838410.0000020AA5810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://docs.python.org/3/library/subprocess#subprocess.Popen.returncodeAutoDox_Scraper.exe, 00000001.00000002.2906749691.0000020AA5710000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdAutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                          		high
                                                          https://crunchyroll.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          https://gmail.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          http://httpbin.org/AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906076200.0000020AA517A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://paypal.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		low
                                                            https://coinbase.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		low
                                                            https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/LinkAutoDox_Scraper.exe, 00000001.00000002.2903648545.0000020AA3D4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://github.com/pypa/wheelAutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.python.org/dev/peps/pep-0427/AutoDox_Scraper.exe, 00000000.00000003.1667004724.0000025C75528000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerAutoDox_Scraper.exe, 00000001.00000002.2903480517.0000020AA3A20000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903060201.0000020AA1D35000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://ebay.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		low
                                                                    https://httpbin.org/AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4468000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906076200.0000020AA517A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://www.apache.org/licenses/AutoDox_Scraper.exe, 00000000.00000003.1664723451.0000025C75525000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                                                        		high
                                                                        https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainAutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                          		high
                                                                          https://roblox.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		low
                                                                          http://tools.ietf.org/html/rfc3986#section-5AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA425C000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA425C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlAutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA419A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA4142000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • 0%, Virustotal, Browse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://hbo.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		low
                                                                            https://binance.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		low
                                                                            https://playstation.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6348000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		low
                                                                            http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4120000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://cryptography.io/en/latest/installation/AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                		high
                                                                                https://sellix.io)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		low
                                                                                https://github.com/pypa/setuptools/issues/417#issuecomment-392298401AutoDox_Scraper.exe, 00000001.00000002.2905145791.0000020AA4A10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://wiki.debian.org/XDGBaseDirectorySpecification#stateAutoDox_Scraper.exe, 00000001.00000003.1684649603.0000020AA3EB6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2903480517.0000020AA3A20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://tools.ietf.org/html/rfc6125#section-6.4.3AutoDox_Scraper.exe, 00000001.00000002.2907293684.0000020AA5E00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://telegram.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		low
                                                                                      https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-moduleAutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4E63000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698440747.0000020AA4E54000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA41A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://github.com/jaraco/jaraco.functools/issues/5AutoDox_Scraper.exe, 00000001.00000002.2903906085.0000020AA4020000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2906582226.0000020AA5510000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://pornhub.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		low
                                                                                          http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmAutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA419A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA4142000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.rfc-editor.org/info/rfc7253AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                		high
                                                                                                https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.AutoDox_Scraper.exe, 00000001.00000002.2903648545.0000020AA3D4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://packaging.python.org/installing/AutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                    		high
                                                                                                    https://mahler:8092/site-updates.pyAutoDox_Scraper.exe, 00000001.00000003.1696747305.0000020AA4F72000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4F0E000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		low
                                                                                                    https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).pngzAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • 3%, Virustotal, Browse
                                                                                                    • Avira URL Cloud: malware
                                                                                                    		unknown
                                                                                                    https://cryptography.io/METADATA.0.drfalse
                                                                                                      		high
                                                                                                      https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyAutoDox_Scraper.exe, 00000001.00000002.2907195416.0000020AA5C10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-errorAutoDox_Scraper.exe, 00000001.00000002.2907098931.0000020AA5B10000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referralAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                            		high
                                                                                                            https://docs.python.org/3/library/re.html#re.subAutoDox_Scraper.exe, 00000001.00000002.2903906085.0000020AA4020000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42FE000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1685359724.0000020AA42B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://netflix.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		low
                                                                                                              https://gmail.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		low
                                                                                                              https://gist.github.com/XVilka/8346728AutoDox_Scraper.exe, 00000001.00000003.1698635372.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://outlook.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		low
                                                                                                                https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2AutoDox_Scraper.exe, 00000001.00000002.2905237345.0000020AA4B10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1691277595.0000020AA443C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://w3c.github.io/html/sec-forms.html#multipart-form-dataAutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA4120000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • 0%, Virustotal, Browse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  https://binance.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		low
                                                                                                                  https://github.com/AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4D97000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698287041.0000020AA4DE8000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905516532.0000020AA4E63000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696157117.0000020AA4E73000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1698440747.0000020AA4E54000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://github.com/pyparsing/pyparsing/wikiAutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA4468000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://epicgames.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		low
                                                                                                                      https://cryptography.io/en/latest/changelog/AutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                        		high
                                                                                                                        https://youtube.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		low
                                                                                                                        https://raw.githubusercontent.com/KSCHdsc/BlackCap-Assets/main/blackcap%20(2).pngAutoDox_Scraper.exe, 00000001.00000002.2907499313.0000020AA6080000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • 2%, Virustotal, Browse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        https://spotify.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		low
                                                                                                                        https://img.shields.io/badge/code%20style-black-000000.svgAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                          		high
                                                                                                                          https://spotify.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		low
                                                                                                                          HTTPS://jo%40email.com:a%20secretAutoDox_Scraper.exe, 00000001.00000003.1698635372.0000020AA4FB1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1696270563.0000020AA4FB1000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1695581364.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904039374.0000020AA42FD000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905732059.0000020AA4F88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		low
                                                                                                                          https://setuptools.pypa.io/en/stable/history.htmlAutoDox_Scraper.exe, 00000000.00000003.1666015511.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                            		high
                                                                                                                            http://www.iana.org/time-zones/repository/tz-link.htmlAutoDox_Scraper.exe, 00000001.00000003.1681868857.0000020AA419A000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1682179511.0000020AA3EBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://mail.python.org/mailman/listinfo/cryptography-devAutoDox_Scraper.exe, 00000000.00000003.1665301315.0000025C75528000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                		high
                                                                                                                                http://docs.python.org/library/itertools.html#recipesAutoDox_Scraper.exe, 00000001.00000003.1688672766.0000020AA3E86000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1687516882.0000020AA3EA0000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000003.1684649603.0000020AA3EB6000.00000004.00000020.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2905145791.0000020AA4A10000.00000004.00001000.00020000.00000000.sdmp, AutoDox_Scraper.exe, 00000001.00000002.2904697594.0000020AA4520000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://httpstatuses.com/AutoDox_Scraper.exe, 00000001.00000002.2906924966.0000020AA5910000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://yahoo.com)zAutoDox_Scraper.exe, 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		low
                                                                                                                                    https://steam.com)AutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA635C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    		low
                                                                                                                                    https://github.com/KSCHdscAutoDox_Scraper.exe, 00000001.00000002.2907865214.0000020AA6304000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      		high

                                                                                                                                      World Map of Contacted IPs

                                                                                                                                      No contacted IP infos

                                                                                                                                      General Information

                                                                                                                                      Joe Sandbox version:38.0.0 Ammolite
                                                                                                                                      Analysis ID:1353679
                                                                                                                                      Start date and time:2023-12-05 03:30:13 +01:00
                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                      Overall analysis duration:0h 8m 27s
                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                      Report type:full
                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                      Number of analysed new started processes analysed:8
                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                      Technologies:
                                                                                                                                      • HCA enabled
                                                                                                                                      • EGA enabled
                                                                                                                                      • AMSI enabled
                                                                                                                                      Analysis Mode:default
                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                      Sample name:AutoDox_Scraper.exe
                                                                                                                                      Detection:MAL
                                                                                                                                      Classification:mal88.troj.winEXE@6/113@1/0
                                                                                                                                      EGA Information:
                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                      HCA Information:
                                                                                                                                      • Successful, ratio: 97%
                                                                                                                                      • Number of executed functions: 59
                                                                                                                                      • Number of non-executed functions: 208
                                                                                                                                      Cookbook Comments:
                                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                                      Warnings

                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                      Simulations

                                                                                                                                      Behavior and APIs

                                                                                                                                      No simulations

                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                      IPs

                                                                                                                                      No context

                                                                                                                                      Domains

                                                                                                                                      No context

                                                                                                                                      ASNs

                                                                                                                                      No context

                                                                                                                                      JA3 Fingerprints

                                                                                                                                      No context

                                                                                                                                      Dropped Files

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_ARC4.pydBLAZ3.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                        .exeGet hashmaliciousMicroClipBrowse
                                                                                                                                          Jm333uz5CB.exeGet hashmaliciousUnknownBrowse
                                                                                                                                            StarryImageLogger.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                              A4AxThCBqS.exeGet hashmaliciousNanocore, Luna Logger, Umbral StealerBrowse
                                                                                                                                                Lunatic_V1.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                                  DiscordX.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                                    luna-game.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                      luna-game2.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                        poop.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                                          poop.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                                            game-test-build.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                              Impulse.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                BiteSploit.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  CapCut Pro.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                    hookkee.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                      blbot.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                        safehook.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                                                          nitrogen.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            demon.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_ARC4.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):9728
                                                                                                                                                                              Entropy (8bit):6.779673675595162
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:/519kKsPOR3drvDtDvIqEk7KzmYMJHFoHkYj273QJXpH0:/57kKsWR3RvDtDvIqFmdwiHZa7gJXi
                                                                                                                                                                              MD5:68AC538957BC0D2DA3A87379451966A1
                                                                                                                                                                              SHA1:7D1EB3680FC708EAECD7A783F8A7DEC58C90AB50
                                                                                                                                                                              SHA-256:72A70D21EE05D06B05CB09447395E081689CFFE9F74C03A99CCBF5E3F0A140E8
                                                                                                                                                                              SHA-512:7D760B4642811ADE300FF02F06326AF06392F3B6C5C5B7E24E814D3612E6371DE912AB9B71962E7E4CBA0FE26E6C5F4107CDFB05C694C40656AEE0EE431882AC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                              • Filename: BLAZ3.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: .exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: Jm333uz5CB.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: StarryImageLogger.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: A4AxThCBqS.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: Lunatic_V1.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: DiscordX.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: luna-game.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: luna-game2.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: poop.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: poop.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: game-test-build.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: Impulse.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: BiteSploit.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: CapCut Pro.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: hookkee.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: blbot.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: safehook.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: nitrogen.exe, Detection: malicious, Browse
                                                                                                                                                                              • Filename: demon.exe, Detection: malicious, Browse
                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...ba.c.........." ...". .......p........................................................`.........................................L..........\............@........................................................@...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................"..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_Salsa20.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                              Entropy (8bit):7.071312580282178
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Hjf6CkaiGEmxFlCFNbJqCjSkYj273QJXbntX+:L6Ch3EmDlwbJqoSZa7gJXJu
                                                                                                                                                                              MD5:462356E194BD4816236E8FFF38B2EC47
                                                                                                                                                                              SHA1:BCEF4EB38D0BCA8E80B4F29B07A2FF1EEEB27CF6
                                                                                                                                                                              SHA-256:439CAABFC7278A4102E80533196975E2479C455D60FC4B0EF4777C215FC2F7FE
                                                                                                                                                                              SHA-512:6022DB16F36EB58A7930956C3F5F7C175D3A7470B96D4D54588FCFB87C0A9B4CCA76E2A93B297FB024E6144252EBDD182FC19F359831BFDCFCFF2A9396258A19
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ca.c.........." ...".0.......p........................................................`.........................................L..........\............P..L.......................................................@...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_chacha20.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                              Entropy (8bit):7.036270056720139
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:HXx6CkaiXcecnjMe0FXrdMIkCvOkYj273QJXhn9ndX9lk:B6ChEcGeVkOZa7gJXHdX9
                                                                                                                                                                              MD5:5668434A76F79D0365627EB843ECE5A6
                                                                                                                                                                              SHA1:FBD223BE5E9951F728B7D1A2623411B49247C500
                                                                                                                                                                              SHA-256:72D660D09379DF6026056AF5CAC1B3749C5D9BED95F75568511412EB2843C8CF
                                                                                                                                                                              SHA-512:6A909123E961CD0DAF1FA97A6D415DCC1E35F08BB462AF8E258C5A8841050265C4267731FE1FF677CDE54FF17958CF007EC6D8C07C197B81AC5012DD151EDAB3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ca.c.........." ...".0.......p..p.....................................................`.........................................L..........\............P..d...................................................p...@...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_pkcs1_decode.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                              Entropy (8bit):6.968468978037089
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Y11+odumclYAItbK07UmzqMtJ9CE1Z28kYj273QJX837x:hH5Yy073zqU9fDZa7gJXA
                                                                                                                                                                              MD5:9EF77E82D388E3C08B7E44BBE0DF4206
                                                                                                                                                                              SHA1:F51A5379A44476F96440F60EFDA75304FAB612C5
                                                                                                                                                                              SHA-256:E66DE66244C4501BDF925384FFA09FF5ADA0836CCE900EFDBA0A10EFD7786AAA
                                                                                                                                                                              SHA-512:B0618B9DB027609A8173D38330008A65E98D8D4E4CDAEF40585EAB88098A51CEF131302653FD67CE450D5D283CE0AE1836CF7F94DF5724465351F1EA8BBA067E
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............h...h...h......h..i...h..i...h...i...h..m...h..l...h..k...h...`...h...h...h.......h...j...h.Rich..h.........PE..d...aa.c.........." ...". .......p........................................................`.........................................L...p......\............P..........................................................@...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@......................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_aes.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):17920
                                                                                                                                                                              Entropy (8bit):7.478012836893718
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:jBlgLpcELbdibS+U6I08CHkg7EvsA/0uSJijH68BLvXq21uOksK+64hjvkYj273c:jT0mEndi296LQpjT621ui7Za7gJX1q
                                                                                                                                                                              MD5:D39035CCF0C99A80093FC0B500186350
                                                                                                                                                                              SHA1:51171964CCBA6C89C2B30F68AC9FC361D3B71D68
                                                                                                                                                                              SHA-256:E34473B44B27EEFDBEE626934B66F22911E7AAC7D4BD2E7D8780230C52A70955
                                                                                                                                                                              SHA-512:97AC92755BF92983368E3649AFD03B217FD5FE25F02E53E08EF4B76EF51146A02089068927D1A703993F0B9E748619D97CB42506AA0290B1FC914D1CEBF54204
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...^a.c.........." ...".@................................................... ............`.........................................L...........\.......................................................................@...........................................UPX0....................................UPX1.....@.......>..................@....rsrc................B..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_aesni.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                              Entropy (8bit):7.033352530954596
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:eX1jziP8+lCPPQFUF/ylol0uBphIkYj273QJXlEnDW:CzulCPqUFCo5BphIZa7gJX+
                                                                                                                                                                              MD5:879B55DEA815A02C39E62F10A3FD47DE
                                                                                                                                                                              SHA1:94762E176C8A3FF970C0EDE2E5CBF813529A223F
                                                                                                                                                                              SHA-256:F414036480C50877FAD092A89AB6557011210DC25152021AE5F458217B134C96
                                                                                                                                                                              SHA-512:F44F2283906CDCA23D38D6CE92424CD76384913225006AB1C6AEE5938785DA36AD2401094D95D10F8991426923F734CCCCF30368BB3C4D49E6748B56DFB69515
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........eX.o...o...o.......o.......o.......o...o...o.......o.......o.......o.......o.......o.......o.......o..Rich.o..........................PE..d...^a.c.........." ...".0.......p.. .....................................................`.........................................L..........\............P..................................................... ...@...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_arc2.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):12800
                                                                                                                                                                              Entropy (8bit):7.09318243802972
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:H88U1i2QelKEyhXjReC6SCeiJpHzoh7JfwKskYj273QJXzHU:c8U8Dz1ESlinHzo5KKsZa7gJXY
                                                                                                                                                                              MD5:497E643C5BBF0EA2EFF7684CD91AD867
                                                                                                                                                                              SHA1:53CB22DA620EBC9EA5D8133900834060EA00D3A9
                                                                                                                                                                              SHA-256:79AD1242DA4FCE7684EEC424CAFEF80F8DB34BF1E1F406566D51E168B6BCF808
                                                                                                                                                                              SHA-512:A9C4F2B5752910061E48AC2A4B5113694DB0E21765D985209147DAF0CD55CD02334BD63340B71D18B6A2CF0C9104A4A928FF057A075DD18866DC1B9EE3EA31BD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ...".0..........@.....................................................`.........................................L...........\............`......................................................@...@...........................................UPX0....................................UPX1.....0.......*..................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_blowfish.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                              Entropy (8bit):7.384428397556211
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:WmM80nfSoKJZi3o0DYjHeja66Za7gJXV5:WmMTf8Z4oiYj+spl
                                                                                                                                                                              MD5:F402254DB8AB4314735094C2DD2F1711
                                                                                                                                                                              SHA1:25919BDBE4198A5410EA98D46A8CDC1517084C00
                                                                                                                                                                              SHA-256:1CA6389BD4D64CCA1F77B50D53C8DB3586C39E21858D214DBD9088CE633E86B1
                                                                                                                                                                              SHA-512:C0A5C52D8999DCA8CE39C311AB63D589F11F3C5939814365E7468A6E323237A0B1561E94A903AAB8457806F33C79EA34680A7215A37409D11787712E6697D5FE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ...".@..........0.....................................................`.........................................L...........\............p......................................................0...@...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cast.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                              Entropy (8bit):7.582207136449051
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:2VVgiBGs0qMuLjc5XzQk+JktIzZWFjoyXfHG1L4lcX2ECZa7gJXUsI:2VCicsfFL45KJk44NoyX/CucX2p5I
                                                                                                                                                                              MD5:A6FE7B06642F25D94F22FE82B216145C
                                                                                                                                                                              SHA1:3AE29D4AD9EE137E7DA037D19F01265BE2E8FABC
                                                                                                                                                                              SHA-256:9B4E434EECA4DE04AD42239100BB92C30D28AB76BA7DA64D3126DAE1279F60CE
                                                                                                                                                                              SHA-512:3F503B1E3A76EF0973008D9ADFE844161DA1F472ABE62F02CCD3E820D024F158F98A43F9E3E6D60FEBF1CB3316A9FB87B67B02A9AF591471FC186D18E276AF57
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...`a.c.........." ...".P................................................................`.........................................L...........\.......................................................................@...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cbc.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                              Entropy (8bit):6.804068068018754
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Hs6CkaitEsE8Vm7wtukYj273QJX93Wqn:M6ChIVfuZa7gJX0
                                                                                                                                                                              MD5:4B2831906DA6BA560812F71CCBD2CC26
                                                                                                                                                                              SHA1:056A1A0251A1835C22E03B746E9C3977C0B88FF8
                                                                                                                                                                              SHA-256:F2E586D236A96E9A1F15DE48ACC988052AF63CA8408FC167EE08E2A82C3F9A86
                                                                                                                                                                              SHA-512:F89F133E61C993E05510F0257131A885D856AEFD18C934CBDE4E070B3645B1B619DB2EB92E706112AA98154BA453195F35486FFAC56731AAC38103AEB55198B5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...aa.c.........." ...". .......p..p.....................................................`.........................................L..........\............P..X...................................................p...@...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_cfb.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                              Entropy (8bit):6.923956434321181
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:+IqmTnQIPnsvQPc6SltPZHloUYU9dOxLKFaEkakYj273QJXhnIQ:7DnQxvQPpSlNoUopKjkaZa7gJXm
                                                                                                                                                                              MD5:B151E41644336C2F59A6945D52D3436F
                                                                                                                                                                              SHA1:34E2B2C51F02E3A341C4B0E8E3E126283F81B1A5
                                                                                                                                                                              SHA-256:BA18AA282F38C9CFAF5FF6157ED3C99757A9BC961C41A81EEAD4C0DF6942AB9A
                                                                                                                                                                              SHA-512:6BEBB26DC1BFE0ED3AE15676E2135E13E724798B8CF260E6869FAE8CC0C10FC72C8C7E6CC6A1397FAEF6D40824BCAD96A9DF6C634437A9D0FAC67D1CC74BF5E4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................;..................................................................W.............Rich............................PE..d...aa.c.........." ...".0.......p........................................................`.........................................L..........\............P..d.......................................................@...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ctr.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                              Entropy (8bit):6.928827493233806
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:TA1e/clVEmNVPjkTnA614twLFhS3YO7C6W1CQykYj273QJX1nWX:qL1Bjul19GjW1CBZa7gJXE
                                                                                                                                                                              MD5:95BE66EA6E14A07B95F1B6DB5BBEE1CD
                                                                                                                                                                              SHA1:5B83CF724FD2CFE3B59A871B1C2B5DD648C2A54B
                                                                                                                                                                              SHA-256:120C785E929ADF492E43145C8F42563386A8E7C561B7F1081402A9F9F5D08CB9
                                                                                                                                                                              SHA-512:F10309BE8A8A397CD7EEB886FFDB7176BA0EE81E41268E68B3B5617388AB569AD2C7BF45E847C7CD43C260BC59BE112C1C5F218E6C073996D2EE5F247C8C2251
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F...(...(...(......(..)...(..)...(...)...(..-...(..,...(..+...(... ...(...(...(.......(...*...(.Rich..(.........PE..d...ba.c.........." ...".0.......p..@.....................................................`.........................................L..........\............P......................................................@...@...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@......................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_des.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):17408
                                                                                                                                                                              Entropy (8bit):7.5030750740628935
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:JroOiYb00oHet1Y8z+r99tbr4FntSKVjoqDB+JXZa7gJX3:JrpiDHm16B9RQSKCndpH
                                                                                                                                                                              MD5:550520D5B9C5F5B879982AC0C233C0F6
                                                                                                                                                                              SHA1:0551ABDE9DCE41509EB7F10F7BDE62744C2EACC2
                                                                                                                                                                              SHA-256:F4046B948339BCF509DBCB42106B492FB4A7FC19AA0596DAA5EC6F69188571C7
                                                                                                                                                                              SHA-512:0EACC4DE4234341430FDE3FAC7892A401C9274C00D23C01BC298367B408081E1D37150F5A1CC05F274366B8854C13611B64C07414952A0EFD56645DD3AA26A9F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3.ANRg.NRg.NRg.G*..JRg...f.LRg..*f.MRg.NRf.hRg...b.BRg...c.FRg...d.JRg...o.ORg...g.ORg.....ORg...e.ORg.RichNRg.........PE..d...`a.c.........." ...".@..........`N... ...................................p............`.........................................Lb.......`..\....`..........l............b......................................`Z..@...........................................UPX0....................................UPX1.....@... ...<..................@....rsrc........`.......@..............@......................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_des3.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):17408
                                                                                                                                                                              Entropy (8bit):7.49000624437154
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Ui2ro6lR7SFGwYfpWEv0Bv2MZcEQ/PlC79tzA0DW6mLey9khVIsuEgBkYj273QJR:EroO1wQv0BMJr0DW6EeBrgBZa7gJXh
                                                                                                                                                                              MD5:ACE1564B71A3E490C790DB93A9BA75AB
                                                                                                                                                                              SHA1:4C4548F1F5036F890EA9AF0FD21A3B3119BCAEC9
                                                                                                                                                                              SHA-256:717E7097044C147DB6ACFB686E281091455F8A012A3960449D88FBD1CAAA1147
                                                                                                                                                                              SHA-512:80A473F9EBF01BC428E9075BB4478CE21FC61B78AA22BB062020A7FDDA1BD979CDBCADA3632FD6AC301B28C98739CB2B0627F8A4D4FDA5522EFDE316E96CAEA0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3.ANRg.NRg.NRg.G*..JRg...f.LRg..*f.MRg.NRf.hRg...b.BRg...c.FRg...d.JRg...o.ORg...g.ORg.....ORg...e.ORg.RichNRg.........PE..d...`a.c.........." ...".@..........0N... ...................................p............`.........................................Lb.......`..\....`.......................b......................................0Z..@...........................................UPX0....................................UPX1.....@... ...<..................@....rsrc........`.......@..............@......................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ecb.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):9216
                                                                                                                                                                              Entropy (8bit):6.811762486326576
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:751aJh9fUQeV9tUhHQBawkYj273QJXpHjH:75k9s9tSHkawZa7gJXJH
                                                                                                                                                                              MD5:C493716C33F4078A3784EFD5E6D8D7B7
                                                                                                                                                                              SHA1:C80237C7130036ADA30A0AF9CBB3C83A31AAA0F3
                                                                                                                                                                              SHA-256:BCB8976FF5A25B85D9F860F53626CD3C98F39E8E0615E5A84972B41B7AA3E4EC
                                                                                                                                                                              SHA-512:2C3E94E8AC1406A8D097CB6C8EA59BB68A908560CE35580D8B7049C4F169C142121F9181400135A3FC9248D3B55AAC9172DD149D30B183567880FDC31AE38148
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...aa.c.........." ...". .......p........................................................`.................................................................@..........................................................@...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_eksblowfish.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15872
                                                                                                                                                                              Entropy (8bit):7.405845115397349
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:lmM80n0sH6HhpbHIQ5TsgOnLC9DS4pf1ESZa7gJXXn:lmMT0tzIQ5AgYmS4pf1dpH
                                                                                                                                                                              MD5:CB9886E65168FC93C9FB08DF115AB2D3
                                                                                                                                                                              SHA1:A44863E9FA31BE2E811A1F2C96B5BAE248BEDAFD
                                                                                                                                                                              SHA-256:5C51B8D38550AB7F91DAF2F9AFDAC5F3D52CCDB1229776546D1DC43FD1842898
                                                                                                                                                                              SHA-512:4E4A32EA18A6955B7FFAE638F8E678488D3C511B376251AD51259BB716976EBC4AEE26ACB37CC10E1364A8A48E60B3538DE81A986AF05C302B555463F31B8088
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d..._a.c.........." ...".@................................................................`.........................................L...........\............p..........................................................@...........................................UPX0....................................UPX1.....@.......6..................@....rsrc................:..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ocb.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11776
                                                                                                                                                                              Entropy (8bit):7.026168759716101
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:C7E3adl/1JXscT11V9X8IdxqX+74RB6qT/lZ5kYj273QJXRH7I:C8IXn11V9RrHkz6Y5Za7gJXC
                                                                                                                                                                              MD5:66806E0ADC5F122707E882886880CAAC
                                                                                                                                                                              SHA1:6E9348329002A8C385E79DF398DCB36AB0373BB2
                                                                                                                                                                              SHA-256:3A4424726A3DB7E6677EB13639FBFBD89CE0C30BED1BD838EFE008C18B721067
                                                                                                                                                                              SHA-512:9956B0B412680EEAE14F098DE60490CBC411F6FB40C42ED687E1D539BB7255AC645387E2B43CE9ECF226E50677B3FB300576FAC03B0206223ADFA5A8D38096C9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...ba.c.........." ...".0..........`.....................................................`.........................................L...........\............`..............H.......................................`...@...........................................UPX0....................................UPX1.....0.......&..................@....rsrc................*..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Cipher\_raw_ofb.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                              Entropy (8bit):6.739029477037311
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:HOE6Ckai65ePzhVTL8Q5xhfXkYj273QJX93a7:X6ChJstpDxhfXZa7gJXw
                                                                                                                                                                              MD5:3DD725D468E7835F9FCE780EE81E86FD
                                                                                                                                                                              SHA1:08193DCD4D353BFAA0C18AAEF5E906CD7BE2D2CD
                                                                                                                                                                              SHA-256:579B8B07EB0EB02F3FD276FF26D06B952988804A4E860AD966F83A9DEEFE7E7E
                                                                                                                                                                              SHA-512:2820AE8D06F6C5CC5E21EB5C5934C35903FE63B62C161FD5358481AC052C5663B38975FC39E701C8FA061E72AC824E480CFAF74EA92B9887F2D7386514992008
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...ba.c.........." ...". .......p........................................................`.........................................L..........\............P..X.......................................................@...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_BLAKE2b.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11776
                                                                                                                                                                              Entropy (8bit):6.968244218519296
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Hlmg6CkaiGp4OUdGyXOidiPFiVEekYj273QJX1ngtuG:F96ChtCOesPheZa7gJXyc
                                                                                                                                                                              MD5:3EC522B260DF73C503FC596FA5419907
                                                                                                                                                                              SHA1:237AF44AA7B72B3C26FE4D739CD58F4758ABC622
                                                                                                                                                                              SHA-256:744DB21C277F0A527D35D70B1A987422E31D78BC772F68B6BEA980613933CE05
                                                                                                                                                                              SHA-512:5A22EF55ADEFDF9EE4D73F31C667401E4EDF52031086F1CF75FDCB8EFC8B5915DE850546983CDF9B175E20517AE46C534EE2BBB9D8D6226E96DBB9B8918FD125
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ...".0.......p........................................................`.........................................L..........\............P..@.......................................................@...........................................UPX0.....p..............................UPX1.....0.......&..................@....rsrc................*..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_BLAKE2s.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                              Entropy (8bit):7.137540450114373
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:H3R1U5KE2S8oKi7hn8QEcJtFnlZlmJ6pcfUcqEQbxwl22wUF2uXkYj273QJXinHp:8K1S8oh7h8BcJ5ZlmYcfUcqEQb2lzFPL
                                                                                                                                                                              MD5:87A9B08FC098B8943509EF0F3E37462B
                                                                                                                                                                              SHA1:254851AECBC662E6C25C4AC96CFC8A0B6F8A4540
                                                                                                                                                                              SHA-256:69D4B168DEBD4734E43B6C400CACC200E441CDB266E5441D62019A20E8AF9AD6
                                                                                                                                                                              SHA-512:A008FEAE64CC2796FFC413370E14563D09CD9D2745F623E7183F7298F6ECB7082AF247AB072446C5E736143BA279A79B8084F56540411D3D40BA335FF4B3D699
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ...".0.......p........................................................`.........................................L..........\............P..@.......................................................@...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD2.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                              Entropy (8bit):6.9338558562650014
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Ctz11+odumclYlXkeQ67WsVa6b0/XovtI2u5HkYj273QJXinoNwWB:CcH5YmexVrblvl6HZa7gJXvN1B
                                                                                                                                                                              MD5:E2B94F17715848F54CFE006886636E47
                                                                                                                                                                              SHA1:4F0ACF1F99DB4DC8A09D81DBF3A4B81A38329910
                                                                                                                                                                              SHA-256:A49DA45FA568B71BF698B097965AB26115201478820895031D26C9A0654A0396
                                                                                                                                                                              SHA-512:F7FC2A60C98BFF59681FB2B47570F7376512C3677CE0CDB80A30B5C1D421B8D3748B702434034BD9BF90F4B295EDFC6893A74E99C2C23660565FEC1BCE12ABC3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Va.c.........." ...".0.......p........................................................`.........................................L..........\............P..(.......................................................@...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD4.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                              Entropy (8bit):7.041317439451601
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:CkOgkM1OqY2hQbIGcKqV31LGT63hjvYz4kYj273QJXbn13Fw:Cbw/hwI2q11Lns4Za7gJXRVw
                                                                                                                                                                              MD5:FA0489C040CC53FF8068D5A680B08F50
                                                                                                                                                                              SHA1:8DED1A4FBCBA0E42ABEEC603304DF5A780667A97
                                                                                                                                                                              SHA-256:A0606A21C362B0CBA93AFFBDE1F5B7EB0E181312293DBD9732D2CDE37F8E9447
                                                                                                                                                                              SHA-512:F5932B2807971E3FEE458E5F763630A125FDD23275732E176E736D6860DE93361CD77D90F7F026ABE3ABC56E82A3BE1C2F87DDB210953A6DC7FC95A704A69FBF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Va.c.........." ...".0.......p........................................................`.........................................L..........\............P..(.......................................................@...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_MD5.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                              Entropy (8bit):7.128890736117439
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:C1IM1qextX4NJ9Lx8ZTZUaiQgp0AdXeST53lHA3kUkYj273QJX0nGy:CMkX4NJOTmQg1dXeS1NA0UZa7gJXp
                                                                                                                                                                              MD5:44C0CE35783AEEE0FB77DA36C2BBC452
                                                                                                                                                                              SHA1:416D3B5F66626DE9DEB84EC7223CBE1CF6BC5DA7
                                                                                                                                                                              SHA-256:2895850242C0145031A5B07ED625466450CB30E621BF61DECEE04467F092CCCF
                                                                                                                                                                              SHA-512:B8E6143F3361AC162316DC8EE920B1B4C4D7C806BDDFAA80C68E87C6AE7ABB3E26799E08EC32B41440EB7DB7BCEDC45814EA6ECBD8B4206B990101B5C2BDA355
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Wa.c.........." ...".0.......p.......................................................`.........................................L..........\............P..X......................................................@...........................................UPX0.....p..............................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_RIPEMD160.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                              Entropy (8bit):6.899684583977903
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:HoY6CkaTs6Ac86kwsvQrehMrP+pekYj273QJXhn9n7:76ChT1AjzQa6P+peZa7gJXH7
                                                                                                                                                                              MD5:C0EB7C2B99FAA27064999C72AB849AE5
                                                                                                                                                                              SHA1:302A4FDFDEA85A2DA4A9704315530CD651F807B7
                                                                                                                                                                              SHA-256:685899727CA5ACB10FAD6106BE0DDDAF2BA6A00C136A1551E18FC0C72EB275EE
                                                                                                                                                                              SHA-512:EEF3D31E0A091F0391C0CB700EFF3A92E52C6B3E600D0A1CF734185D292E65B1A515F790C43D123C36A08756BC3BC737F902E0BD4FF12C88BB3BFC7141A4C7D0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...\a.c.........." ...".0.......p.......................................................`.........................................L..........\............P..............$..........................................@...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA1.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                              Entropy (8bit):7.233038575084203
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:ClIXn11ON21FUOyquRmMS17VCgHgUyZa7gJXP54:ClQ11a21FYjRmMAVUVpf
                                                                                                                                                                              MD5:BB970B937B9912464E14A6BCEA311FD1
                                                                                                                                                                              SHA1:956B81B625A3A8B51B1C7E08BB4A7BA46AF5D2F4
                                                                                                                                                                              SHA-256:86638021B80429DCB95E3FD6E185C9B8B96A3AB009D6D47D65107CE265005555
                                                                                                                                                                              SHA-512:1E5B6EAF9EB9B0943F417A75897AB1A0F2EBEA9DED5675FA818C04FE0DBFBE2FB37AC1E69D4EAF16B28B374F4ED65F94E7FCEAC086B9754834D99809F2C68DB0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Wa.c.........." ...".0................................................................`.........................................L...........\............`..X...........$...........................................@...........................................UPX0....................................UPX1.....0.......,..................@....rsrc................0..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA224.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                              Entropy (8bit):7.285838536056927
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:CMPTNMvsMA5oqMs6C5JWBCZA6Za7gJXD:CMpMvsbtqwlpz
                                                                                                                                                                              MD5:08E16678CDA0E0C405823569AA44E4D8
                                                                                                                                                                              SHA1:6CCD1FB7A41410E26E3531C615E7F14B781DDF93
                                                                                                                                                                              SHA-256:EC779A63E18B120ADF3FA8130D10089F33EAF0EE227CA28EDAF0D2740617E556
                                                                                                                                                                              SHA-512:BB96E7C3485864EB56D823C46FADA84B4D3A4B8A6C913CB320CE578B177FA04DC1B760B924293CB7C0307FFFCF7BBDB091DB7E255B8DEDA21EEA6605D9DFB448
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Ya.c.........." ...".@..........P.....................................................`.........................................L...........\............p..............4...$...................................P...@...........................................UPX0....................................UPX1.....@.......2..................@....rsrc................6..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA256.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                              Entropy (8bit):7.298395302374216
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:ChPTNMvsMA5oqPFQrVLOhFsCpem8EZa7gJXD:ChpMvspFQRihFsCpTpz
                                                                                                                                                                              MD5:C830A26E0B251978F15F395ACD140D7C
                                                                                                                                                                              SHA1:CB620E657736414B1050BB911996C1826D895EAF
                                                                                                                                                                              SHA-256:137624E5D145FAD04B41F3D540EBB032883862486C1A126085A67B3862FA7919
                                                                                                                                                                              SHA-512:AB6BD7A48B9AEFA1AC30BCC8316511D1AB3ADA25BF6D58E01637E50C020E9E56D41CD33C5295BE56E0F736BC673B0374C73798B76B79DF6100F32B8175011C2C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Xa.c.........." ...".@..........P.....................................................`.........................................L...........\............p..............4...$...................................P...@...........................................UPX0....................................UPX1.....@.......2..................@....rsrc................6..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA384.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                              Entropy (8bit):7.382314824353844
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:C7Kaj0o+l4vgQDD7pvJhEkgEK9Za7gJXt:C+MDWoFDnpvWRpd
                                                                                                                                                                              MD5:6A6CAF12284C5BD45789105FBE3EBB38
                                                                                                                                                                              SHA1:E70156EE92D683D54B6B3E8005394141D9FB586C
                                                                                                                                                                              SHA-256:4A3CAAE06DFE7EC5D5B98952C123971C54A8F45340EE8D34732BBF49A3E8BFFA
                                                                                                                                                                              SHA-512:882792F6B9B7E1E508F259290C2DB4EA5039F6D6BB336A178D9F773F804E8BFD249D5E2CE8346D168781C6A253575FA369A4889041A899E2ABF8FAE53EB35A42
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...Za.c.........." ...".@................................................................`.........................................L...........\...........................4...........................................@...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_SHA512.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                              Entropy (8bit):7.451386498909856
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:CMKaj0t9/BuZh2MulpDvqyGxRvZa7gJXU:CxMw9/BMhruKyGxlpE
                                                                                                                                                                              MD5:0E6CAE6BC59992162A3AAAB0EA2C3B65
                                                                                                                                                                              SHA1:42569C1C1F919202695C717E164CFAE67F687524
                                                                                                                                                                              SHA-256:40383A09EA335EEE1F76EE0B4B60348737D4F6573151090CDBAB8EDEE3FF72A4
                                                                                                                                                                              SHA-512:CC9CDD81ACAB3C86BB826F7C6766A31F2A3920543DB8BBCB0360354042FE83FF04FB595B5093E8C7DE6448CFEBF3972CED2D6EE57024B6F55BE471D69146C821
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...\a.c.........." ...".@................................................................`.........................................L...........\...........................4...........................................@...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_ghash_clmul.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                              Entropy (8bit):6.777084428050441
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:L1U5KEc/Y4ELhbko1JQdwXjSkYj273QJXunrhm:CKX/shnQdMSZa7gJX2
                                                                                                                                                                              MD5:93A7118DCE3083BEE98968FF821FC773
                                                                                                                                                                              SHA1:114C821A1A7E4FBD88969D0BF2C7D4E56B6287C9
                                                                                                                                                                              SHA-256:0F482484AB4957849ED3BFDACBC18C7B47C0F381214C2DE9FA760DF345657E82
                                                                                                                                                                              SHA-512:94914A71ED619D0DCFDC2C5401A8BC0A3C4C1EC0A2B2AC299B75E01A36F13E74E21D65C9B740BBEF4B08945C4DF05F18F622628E98FC9AF6D22DF251AC6796E5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........&...H...H...H......H..I...H..I...H...I...H..M...H..L...H..K...H...@...H...H...H.......H...J...H.Rich..H.........................PE..d...]a.c.........." ...".0.......p.......................................................`.........................................T..........d............P..................$......................................@...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_ghash_portable.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                              Entropy (8bit):6.807231792263365
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:HvU1U5KEc/Y4EL94AxD97FkYj273QJX8nzB:nKX/s9D97FZa7gJXo
                                                                                                                                                                              MD5:ED87C4130AFFF11D0C34B6B421E22904
                                                                                                                                                                              SHA1:8F5A8CA4D128CA10A274394839DDAC5E709379A1
                                                                                                                                                                              SHA-256:CD63825F07A8550297A9FE5078E7D6E201DDBEDB879047154D4BAA0C631C5E4C
                                                                                                                                                                              SHA-512:DD1D144C686F8DD5BEC4D544014AC74E5BC8B9ACD13696A3000DCB1384107E4AE8B3DD6FF8D50A211DD859BAE802A208CB9F1FABECC90637EC67A0A95BE0F811
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........EY.o+..o+..o+......o+...*..o+...*..o+..o*..o+......o+.../..o+...(..o+...#..o+...+..o+......o+...)..o+.Rich.o+.................PE..d...]a.c.........." ...".0.......p.......................................................`.........................................L..........\............P..X...............$......................................@...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_keccak.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                              Entropy (8bit):7.05184401171502
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:CZ11ole1gwA1QapW0MEGqvjtv7ovK+u8NsS1mZKQ4kkYj273QJX0nFoD:CAe1rwtph4q7JoSb8N5cKVkZa7gJXqo
                                                                                                                                                                              MD5:9D16D93B6D2EA6D8191B0E8348C93A4F
                                                                                                                                                                              SHA1:37F08556D67CB199E2B8AB31926EDB86395595D2
                                                                                                                                                                              SHA-256:9523F8BEE0A05C1668AEAC1BCB3138BD1D8E4C7DECCADFF95CC6B9ADDE1AE5C9
                                                                                                                                                                              SHA-512:DCBF28CA5F0B211334299081C00E34832A22B310AC43536A1FC011B7A6A7D9D9EC6FD090FD462544CB851690CC61EE64F29543721588259CE94D0535AD407D14
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...\a.c.........." ...".0.......p........................................................`.........................................L..........\............P..p...........@...........................................@...........................................UPX0.....p..............................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Hash\_poly1305.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11776
                                                                                                                                                                              Entropy (8bit):7.01171721026056
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:CZK11I5c1918YWN+ZnOsrjHDSyPrmnbNnYyDSIkYj273QJXtn7I8:CmYcfWYWJsrTDSKrmbaIZa7gJXe
                                                                                                                                                                              MD5:C4CF77AE2D7A86CB73CE3C6600450BA0
                                                                                                                                                                              SHA1:86B57D61C2C590D255AC8A1D4637D5D663C62844
                                                                                                                                                                              SHA-256:2CB57DF2BBED24E2F743977C88063A13D98FAF83B3CC700DB7FB5A398F42C619
                                                                                                                                                                              SHA-512:DD0BE4046062F73E627BB63CE8ABD96F2F4BB7FEA121C09F8601A0C35A948EC071E8363E7941BFDE016C5B80D4EE91394291EAB89FD7980B548AF3D70576DD94
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%Y.oK..oK..oK......oK...J..oK...J..oK..oJ..oK...N..oK...O..oK...H..oK...C..oK...K..oK......oK...I..oK.Rich.oK.........................PE..d...^a.c.........." ...".0.......p..`.....................................................`.........................................L..........\............P..|...................................................`...@...........................................UPX0.....p..............................UPX1.....0.......&..................@....rsrc................*..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Math\_modexp.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                              Entropy (8bit):7.5176452580333955
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:VVIehK2iflZpwNAFvzReHErimGpOqQ8lxiFviBaDOA5dcZa7gJX3W:VVruHdRecEJlw58A52pHW
                                                                                                                                                                              MD5:45C8CBC4F64684E70DF4CFCBE5FA340B
                                                                                                                                                                              SHA1:E64571753EC3BBC6353220E1EEAF5DA2306CA44B
                                                                                                                                                                              SHA-256:D50D18464F9B14831AC3222B4FA3812AB0AE33F973D24885A8128F6F03CFA815
                                                                                                                                                                              SHA-512:43357EF028F1EA6B7EDB311F286A10063A69D120EE3238B5467377347F83566FF06B356F0A0E105880B392A3889924B65B2C725A03750C284E947B5C604F0845
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..|.../.../.../..Q/.../G....../C....../.../#../G....../G....../G....../....../....../.=/.../....../Rich.../................PE..d...la.c.........." ...".P.......... ........................................ ............`.........................................L...d.......\...............$................................................... ...@...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Protocol\_scrypt.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                              Entropy (8bit):6.815917926976296
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:d1Qxmkp6kBsHaEDzSbbc6PpnXJoBQLhkYj273QJX43OKK:8bsHaEabcSJLhZa7gJXV
                                                                                                                                                                              MD5:6C8E1EEE5D263A75E4F5E7668B1059D3
                                                                                                                                                                              SHA1:AF2D479071FF5CA1A28E1406D4A028637204ED1C
                                                                                                                                                                              SHA-256:8CD0E14D8F7C71308A8A24CF665F68A01E28A822BC4545D148773748B79B1F6A
                                                                                                                                                                              SHA-512:DFD38490EFC84191B741BA3C66005F037EF16C3975D2898D46C01D9C8CB203AEBAD7E26AD19541E41D558050AB3FF2FCC623E07A0E94E342B8A3438691D97582
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................;..................................................................W.............Rich............................PE..d...ca.c.........." ...". .......p.......................................................`.........................................L...d......\............P..4......................................................@...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ec_ws.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):638976
                                                                                                                                                                              Entropy (8bit):7.998445584874923
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:12288:outRJVHFtuPQ5Yi66r+uWMkf51I6NqAvPBTd74LlSSgdd:xtRfltQiFrhWMkf53tvUhk
                                                                                                                                                                              MD5:DE51BC16180F17B32AA8F1588B28D76E
                                                                                                                                                                              SHA1:D03FC03C4DDA8ED8194EC50668F21B652A673BC6
                                                                                                                                                                              SHA-256:815AA0E2497D626A5E1256F1672974DB38D6178C7E4AB52339DDCE5FF98FF177
                                                                                                                                                                              SHA-512:9D6683C28DBE7F8C5611AE2FC850D7567BD0D7A7DF0A56885090BA393FAA58093099C268C541C09A5623987568E752E74E3D44C4FFF0D0EDC1497B2625FFABCA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`...$..L$..L$..L-.#L"..Lk.M&..Lo.M'..L$..L...Lk.M(..Lk.M,..Lk.M'..L..M!..L..M%..L..OL%..L..M%..LRich$..L................PE..d...ha.c.........." ..."......... .......0................................................`.........................................L...d.......\...............l.......................................................@...........................................UPX0..... ..............................UPX1.........0......................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ed25519.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15872
                                                                                                                                                                              Entropy (8bit):7.441303385932774
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:j/6Y6GuC70NwWjL95yqC0AG1WOZa7gJX0:L6UB7ewWOk1Dpk
                                                                                                                                                                              MD5:42242C782D5C84822E4EF6685A5B554D
                                                                                                                                                                              SHA1:64ED78284127F91C534B0B603794AC6124F6990D
                                                                                                                                                                              SHA-256:768D85769BF69F21DB43183399FB4E41295E1AAC10ADC1CA745B8E42AA43138F
                                                                                                                                                                              SHA-512:229895437C9A654BF8D75A95ECFE4C747F515904F8739E52DDF0D2878A4545CBBDCA1C024A341D0E52A7C18B0F902D0B75A3D7BA52B83A48592BF5C4925AFD00
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y.o...o...o.......o.......o.......o...o...o.......o.......o.......o.......o.......o....t..o.......o..Rich.o..................PE..d...ja.c.........." ...".@.......... .....................................................`.........................................L...0.......\...........................|....................................... ...@...........................................UPX0....................................UPX1.....@.......6..................@....rsrc................:..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_ed448.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):27136
                                                                                                                                                                              Entropy (8bit):7.713009870356266
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:f+U1/EIha4hI63riOlt0IVQNv3sdIHaOyyFOHBjXuwtd1INmDwvrFDD1Za7gJXP8:f+U1/jhVhd3riwKMTFJluwRE9Bpf
                                                                                                                                                                              MD5:AAF8CBEA82A8C2295471323E00A06D1B
                                                                                                                                                                              SHA1:20B8B8CD63C3F460B38CEAA2B794CF9997893896
                                                                                                                                                                              SHA-256:7BAA9B69237A26BA2ED44BCE888A51731961CF1CAC4F3754AF66C6366DBC2882
                                                                                                                                                                              SHA-512:D2F6CA0513091D52FB4992DC36099F72D2B6060D839DD2F25B4ADB5F0EE994A1265097381CC78502E4B546D343813D9097DBC55C44FF30C130D0CCCEF3800173
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..|.../.../.../..Q/.../G....../C....../.../#../G....../G....../G....../....../....../.=/.../....../Rich.../................PE..d...ka.c.........." ...".p...........s... ................................................`.........................................L...h......\............0..$...............$.......................................@...........................................UPX0....................................UPX1.....p... ...b..................@....rsrc................f..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\PublicKey\_x25519.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):9216
                                                                                                                                                                              Entropy (8bit):6.718175058984262
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:g51aJh9fUQmKaF3wB0S57T2kYj273QJXpHDa:g5k9C3a02T2Za7gJXpa
                                                                                                                                                                              MD5:7A5DF30CFBDE988CECD8BBD435AEAC1B
                                                                                                                                                                              SHA1:DB17FA448DC604BF1F19CDE16AC6DCC3431F56B8
                                                                                                                                                                              SHA-256:67F24062D0529F5C1B1F3F5D24664E2B4C89855DC847F5508BB587E47EB2CFD4
                                                                                                                                                                              SHA-512:AD0490B2E569AB8B59C60986BBEEE4B29456E7C84FF5D9CCF64CD4040796A247859316AE86C31222BEC83FCBF2758161659B1B5E15208A6059CC2BA6994B12CD
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6!.bWO.bWO.bWO.k/..`WO.-+N.`WO.)/N.aWO.bWN.FWO.-+J.iWO.-+K.jWO.-+L.aWO.+G.cWO.+O.cWO.+..cWO.+M.cWO.RichbWO.........PE..d...ia.c.........." ...". .......p........................................................`.............................................P...................@..............P...........................................@...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Util\_cpuid_c.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):9216
                                                                                                                                                                              Entropy (8bit):6.761001489588359
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Y51aJh9fUQeQT3VmqRhFkYj273QJXpHT:Y5k9xrVmqjFZa7gJX5
                                                                                                                                                                              MD5:BCC9E4217178CA01C69647BEEA734C2F
                                                                                                                                                                              SHA1:E54BE080AD9D08DAF4488386CB821C63BF43029B
                                                                                                                                                                              SHA-256:8A3D0F822FF40C88BD3E695F43304D460CCFE4CD58E31E035B973D1C93445A10
                                                                                                                                                                              SHA-512:6E526D94C26C2DFBF1DEDF3DFC01B4EF19A58A4EC4DC2C0C50181F87AE49A27D33A2F9FA7F6B8D72FD0EAC1A1E8F8D09327A4BEBE569EB6A47FEEEBD8B31EA73
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...aa.c.........." ...". .......p........................................................`.............................................|...................@..............|...........................................@...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\Crypto\Util\_strxor.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):9216
                                                                                                                                                                              Entropy (8bit):6.757888038963563
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:kxaMhzoscluM6bSM3cVhqj0rrp2C0hCLkYBbPJBj34lVhXg246ae7sXtpHqrd3eo:9PWbS6Uhrl2DCLkYj273QJXEHjH
                                                                                                                                                                              MD5:23EC6631F0FA34271322B7C9E51A1FBF
                                                                                                                                                                              SHA1:617DEC0E862656DB03E1B0BEC810870EC63214CC
                                                                                                                                                                              SHA-256:FFADECB188F2D41D9EFBAD95AFCEB785513B2F3427AA9E36167F707DA25AC9CB
                                                                                                                                                                              SHA-512:10C9460B0A2A196F4BD2B2C0450326AF878FD0476C3056CC73D53C73E6D12438BE040E96130CC105AE6D959A12A29D40147E84C4FD9CEE8D96E048E8A8B37008
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&6).bWG.bWG.bWG.k/..`WG.-+F.`WG.)/F.aWG.bWF.AWG.-+B.iWG.-+C.jWG.-+D.aWG.+O.cWG.+G.cWG.+..cWG.+E.cWG.RichbWG.........................PE..d...ca.c.........." ...". .......p........................................................`.............................................t...................@..............t...........................................@...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\MSVCP140.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):579920
                                                                                                                                                                              Entropy (8bit):6.52239950023068
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:12288:LrkOYDWQRan8Rqpp8v4cTbu/nVfKgn+6aFoVmUPyGcNz+QEKZm+jWodEEVGmHHl:L1VmUqcQEKZm+jWodEEk4l
                                                                                                                                                                              MD5:0929E46B1020B372956F204F85E48ED6
                                                                                                                                                                              SHA1:9DC01CF3892406727C8DC7D12AD8855871C9EF09
                                                                                                                                                                              SHA-256:CB3C74D6FCC091F4EB7C67EE5EB5F76C1C973DEA8B1C6B851FCCA62C2A9D8AA8
                                                                                                                                                                              SHA-512:DD28FCA139D316E2CC4D13A6ADFFB7AF6F1A9DC1FC7297976A4D5103FAE44DE555A951B99F7601590B331F6DBB9BFC592D31980135E3858E265064117012C8D5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@\...\...\.......X...U.%.J...\..........Y......T......X............].....I.]......]...Rich\...................PE..d....}Y..........." ...".H...Z.......3....................................................`A.........................................B..h.......@............... :......PO...... ...@...p...............................@............`...............................text....G.......H.................. ..`.rdata..\....`.......L..............@..@.data....8...@......."..............@....pdata.. :.......<...@..............@..@.rsrc................|..............@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imaging.cp311-win_amd64.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):748032
                                                                                                                                                                              Entropy (8bit):7.998395351788842
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:12288:6Vv/9HVvq+3oKLmkimVTuHAhIS5RLPCuHw7oE7UgmXQQdQb+GvS5/42mQC0U820R:6VHfvT4ieSTyAOSLbCuHw7R7luNfG655
                                                                                                                                                                              MD5:56A153A211EF11BED940CF36662738B7
                                                                                                                                                                              SHA1:5A3DBCAC6E813E153EFDAEFFDCEB3BDFF009C1F9
                                                                                                                                                                              SHA-256:4CC27B746E86F5FF840736E217F89EBA057C034959694387EDDEEDF2E909EE61
                                                                                                                                                                              SHA-512:B045C74C6A160A94DE35584DC03F21BA3CBB7FEB6B05894BC1EC933B7EF3DF48DCCC82C6D8A84136FFFD866E03B65BE0EEA967097093BFB9D1BF0BBDF205B282
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........i v..N%..N%..N%.p.%..N%.tO$..N%.t.%..N%.tK$..N%.tJ$..N%.tM$..N%9tO$..N%.pO$..N%..O%..N%..N%..N%GtJ$s.N%GtF$..N%GtN$..N%Gt.%..N%GtL$..N%Rich..N%................PE..d....&.c.........." ...".`............$.......................................%...........`...........................................$.`.....$.......$.......#............. .$.......................................$.@...........................................UPX0....................................UPX1.....`.......`..................@....rsrc.........$......d..............@..............................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imagingcms.cp311-win_amd64.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):96768
                                                                                                                                                                              Entropy (8bit):7.951639334526521
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:JX5np+kORIp6JPJCiHqrexXVkrm+ASWORdgz4QF8jMCk0hFMFsXsd36jpE:vp+kOekxxHqyhViBbWOvg/F8jM6FMFs5
                                                                                                                                                                              MD5:B409825693BC966C586F8C98CBA5DAF6
                                                                                                                                                                              SHA1:0F611CF42A6A65F79BD68ED5B1378327F9CC4528
                                                                                                                                                                              SHA-256:9A601D004718FFD953E6F55B3442B0272A16AAB0C9F90ED41055B73ECD797440
                                                                                                                                                                              SHA-512:B1FAB91081E9E2C06046E833D22B85788096340DBD1760FC755376BA8E697A2BCB99DD964B7486A1A1FE3B97101E40A73DC03EEA725AAF866332F034B0DD72E2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........z...)...)...)...)...)..(...)..(...)..(...)..(...)..(...)..(...)...)..)r.(...)r.(...)r.c)...)r.(...)Rich...)........................PE..d....&.c.........." ...".p...........1.......................................P............`.........................................|D..h....@.......@.......................D.......................................=..@...........................................UPX0....................................UPX1.....p.......p..................@....rsrc........@.......t..............@..............................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_imagingtk.cp311-win_amd64.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                              Entropy (8bit):7.162738336289876
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:FtZLuzlsRtF3Fub4YVvfjLJ7/joL52CbF171kYj273QJXhH7qTxxf/:FPqzl8XI4avfjLJe171Za7gJXZqTxV
                                                                                                                                                                              MD5:FCA099B40B6EF2496E68FD763EC03F4A
                                                                                                                                                                              SHA1:22B85C9F33DEE9AAB596BDD36AD577070522C1AC
                                                                                                                                                                              SHA-256:194B5C105B4BBB4C2383D920B830568769A05FADAD6A11718407B907F7E2B1A5
                                                                                                                                                                              SHA-512:FFE0396BE6D6FFEE03F6166A995BCD2C0195044DC8B92B0EF1B8F1BB8315372D6156D6A572B94AF9AC5A6EAF626670F1B22ECB6743EC04943ED315E3AAEE17E1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o..E...E...E...Lv1.M....r..G....r..I....r..M....r..A....r..G....v..@...E...u....r..G....r..D....r].D....r..D...RichE...........PE..d....&.c.........." ...".0................................................................`.............................................d....................`..........................................................@...........................................UPX0....................................UPX1.....0.......$..................@....rsrc................(..............@..............................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\PIL\_webp.cp311-win_amd64.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):216064
                                                                                                                                                                              Entropy (8bit):7.987353878147903
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:Ei7lRXhY+IAOHssHsOV2LjvJqN4YnnXmgw:Ei7lRy9HsOVOj8qYnWb
                                                                                                                                                                              MD5:31AB12F785AE6A6F52A356A0C5DDC80E
                                                                                                                                                                              SHA1:2D1B2F2636A775CC43C669D64461B7E0EC3018E6
                                                                                                                                                                              SHA-256:79D7B6D7E88DF7D3D1FB6D97E2BD2D530A8D08C9C182C8248335B7544C55EED7
                                                                                                                                                                              SHA-512:7653DC352E038DF90B28D2475A7018C603C0965BD0A069B64A98EEC0B2CADA21700320A17FA37153D4D0A727DC6DC24AAB3559EEFA8F3C04BB0C5ECF0A307608
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......wj..3..J3..J3..J:s(J9..J|w.K1..Jxs.K1..J|w.K>..J|w.K;..J|w.K7..J.w.K0..J3..J`..J.w.Kf..J.w.K2..J.w.K2..J.wDJ2..J.w.K2..JRich3..J........................PE..d....&.c.........." ...".P.......`......p................................................`.........................................x...\.................... ...L.....................................................@...........................................UPX0.....`..............................UPX1.....P...p...D..................@....rsrc................H..............@......................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\VCRUNTIME140.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):109392
                                                                                                                                                                              Entropy (8bit):6.643764685776923
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:DcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/Auecbq8qZU34zW/K0zD:DV3iC0h9q4v6XjKAuecbq8qGISb/
                                                                                                                                                                              MD5:870FEA4E961E2FBD00110D3783E529BE
                                                                                                                                                                              SHA1:A948E65C6F73D7DA4FFDE4E8533C098A00CC7311
                                                                                                                                                                              SHA-256:76FDB83FDE238226B5BEBAF3392EE562E2CB7CA8D3EF75983BF5F9D6C7119644
                                                                                                                                                                              SHA-512:0B636A3CDEFA343EB4CB228B391BB657B5B4C20DF62889CD1BE44C7BEE94FFAD6EC82DC4DB79949EDEF576BFF57867E0D084E0A597BF7BF5C8E4ED1268477E88
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........u...u...u.E.t...u.....u...t...u..v...u..q...u..p...u..u...u......u..w...u.Rich..u.........PE..d.....y..........." ...".....`.......................................................5....`A........................................`C..4....K...............p.......\..PO...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......D..............@....pdata.......p.......H..............@..@_RDATA..\............T..............@..@.rsrc................V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\VCRUNTIME140_1.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):49488
                                                                                                                                                                              Entropy (8bit):6.652691609629867
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:8EgYXUcHJcUJSDW/tfxL1qBS3hO6nb/TEHEXi9zufUKQXi9zug:8vGS8fZ1eUpreA+zuTc+zug
                                                                                                                                                                              MD5:BBA9680BC310D8D25E97B12463196C92
                                                                                                                                                                              SHA1:9A480C0CF9D377A4CAEDD4EA60E90FA79001F03A
                                                                                                                                                                              SHA-256:E0B66601CC28ECB171C3D4B7AC690C667F47DA6B6183BFF80604C84C00D265AB
                                                                                                                                                                              SHA-512:1575C786AC3324B17057255488DA5F0BC13AD943AC9383656BAF98DB64D4EC6E453230DE4CD26B535CE7E8B7D41A9F2D3F569A0EFF5A84AEB1C2F9D6E3429739
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............L...L...L...M...L...M...L.FL...L...L...L...M...L...M...L...M...L...M...L..*L...L...M...LRich...L........................PE..d...%CU..........." ...".<...8.......A...............................................@....`A........................................0m.......m..x....................r..PO......D....c..p...........................pb..@............P..h............................text...0:.......<.................. ..`.rdata..."...P...$...@..............@..@.data................d..............@....pdata...............f..............@..@.rsrc................l..............@..@.reloc..D............p..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_asyncio.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):35704
                                                                                                                                                                              Entropy (8bit):7.635446900654345
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:cjM6N/jQdo1wvA5EPxgkplSdIPippiEIg5nzlYiSyvy2PxWEpGaf:8R0J0EpSxhIg5nzl7SyjPxt
                                                                                                                                                                              MD5:CB95A91C8B907752B69C8F12A72BC40E
                                                                                                                                                                              SHA1:1E9504A7BDC0E9ABB8BB6E39DA2BA4E0D7386EFE
                                                                                                                                                                              SHA-256:7D87702964E1E1FACA0E30325900C3F075FE7ACD05B3692F9F5E062B60E641CC
                                                                                                                                                                              SHA-512:650D1D626DF473858EAC810DC2F8697E18D91A5A6D2A17F8643F89A6215E43018852B81B82123CCE80BA21D1249258B3EEE944FB4E9571F28E1FCE6A6D7B9BC6
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........./TF.A.F.A.F.A.O...D.A...@.D.A...D.J.A...E.N.A...B.E.A...@.E.A...@.D.A.F.@..A...L.G.A...A.G.A....G.A...C.G.A.RichF.A.................PE..d...Z..c.........." ...".`...........".......................................P............`..........................................J..P....I..P....@......................DK..$.......................................@...........................................UPX0....................................UPX1.....`.......R..................@....rsrc........@.......V..............@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_brotli.cp311-win_amd64.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):274944
                                                                                                                                                                              Entropy (8bit):7.990175850512093
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:6144:ku+qFlSxi4ajTraqXaW7A+x+7ROe/nnDl3oCVL1ZiZO:5zShajTrBRq/h39LriZO
                                                                                                                                                                              MD5:5BA9A5CBBF540A9A1D1D809AD4A6EDEE
                                                                                                                                                                              SHA1:9ABCEA20E1415BC5232FBE20C38070722BBCF66E
                                                                                                                                                                              SHA-256:3A052089B6389F4D67C6BEF09A89B8CFC26C5A1ACC8FAA9164800893DD7ED6F9
                                                                                                                                                                              SHA-512:88E7B3EFC7F1C7FD0E540B243F85DBF2FAB1AA3A1A837788CF13D7CB1D238226F8C09714D8419B4D1EC31ABC7C2224C2CA2F244939250CC1DD9DD90DF3783EB4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NzZ...4...4...4..c....4.Ac5...4.`5...4.`5...4...5.K.4.`1...4.`0...4.`7...4.`<...4.`4...4.`....4.`6...4.Rich..4.................PE..d...q.sc.........." ...!.0................................................................`.............................................`....................p..............,...........................................@...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_bz2.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):47992
                                                                                                                                                                              Entropy (8bit):7.812920313091761
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:CwAGUM8u8APFi++4RAS8ALMNO4YsEtGUzVsXHEcs0WYxp8/IgtVuRsYiSyvSrPxT:JAG/5o+++oiwO4zsZV2HE1mY/IgtVuaI
                                                                                                                                                                              MD5:DAFA6D12DAEF616D7AFB2853D339B4D6
                                                                                                                                                                              SHA1:482EC0E8581AD99C42495FB76F42884191481399
                                                                                                                                                                              SHA-256:3260D2120DF53E7A4A3D68299E72D8919FBB956F30D92D2D0F75F055BD72262C
                                                                                                                                                                              SHA-512:9358CB9A0B728567D5800EFBB139F0FD6C4B016F2C6EF366D770F8F0ACA92EB42D5769F48F4EA11E6BF064A04FDB3901F86DB80B3F622D0EA8B8CCB1CF2C26F0
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................a.........................................t.........................................Rich....................PE..d...j..c.........." ..."............pd....................................................`.............................................H.................... .. ..................................................pp..@...........................................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_cffi_backend.cp311-win_amd64.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):72704
                                                                                                                                                                              Entropy (8bit):7.913737579535603
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:5e6q2sNK5mM06qJAK1HsPBQA69lvHwSDoR9K:TDswsM0B5HHvHwSD
                                                                                                                                                                              MD5:D883AF25A9673DC9EF3AB95B8727E6EB
                                                                                                                                                                              SHA1:77C1F817491857E9A67504537047B1AF592FEEA9
                                                                                                                                                                              SHA-256:F30C9CBF91A8CE81DBCA6E5AFFE3A2AC7CCDB935BF70D2A73EBA9DF5C316A131
                                                                                                                                                                              SHA-512:B1F41E79B4B407F67FEED1F6A40877DD167A0849E78880455BD70B18280371BDE943679DB6BCA7E343F74A934555AE9CFDFE26937C18DD9BB87916571BEB5FC3
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$......._......C...C...C..NC...CI..B...C}. C...CI..B...CI..B...CI..B...C..B...Cz..B...C...C...C..B...C..HC...C..B...C."C...C..B...CRich...C........................PE..d...m.b.........." ..... .......@...R...P................................................`..........................................s..l....p.......p..........<...........ht..$....................................^..8...........................................UPX0.....@..............................UPX1..... ...P......................@....rsrc........p......................@..............................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_ctypes.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):58232
                                                                                                                                                                              Entropy (8bit):7.834657401012303
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:e08zlVsy6ynAPtBnMsX0drrl74SIgQPOc7SyDPxhT:gzlr6hPtBnMTPcSIgQPOcZxhT
                                                                                                                                                                              MD5:EE797CA2E9DAE16F1AFAF5350C0FE170
                                                                                                                                                                              SHA1:623A9CCBFF3A0C9416E882E0AE4251CAEAD84AA5
                                                                                                                                                                              SHA-256:3496264FA3F5CC6CC5C7F359BFB1F3A2388065F45461479CBCC6AB88601065DC
                                                                                                                                                                              SHA-512:DBB6ABC1D738C783627DB7EF9E553BFFFE7AF345F2BF0DADAA987D4CA6C883CE55AC9038DA95995C68D1691F296F20283918119D803AD1F930F04FE8BD067018
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................................................u.................D........?...u.....u.....u.x....u.....Rich...........................PE..d...p..c.........." ...".........p..p........................................@............`.........................................H<.......9.......0.......................<.......................................&..@...........................................UPX0.....p..............................UPX1................................@....rsrc........0......................@..............................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_decimal.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):107384
                                                                                                                                                                              Entropy (8bit):7.935585276256028
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:aiyUzaqAI1TYJnKDkRoN6i4Ig5q4CVYiHxG://AI9YJKDkRoN6iECiiQ
                                                                                                                                                                              MD5:E313E859DED9D57A93D5C9458841CF8A
                                                                                                                                                                              SHA1:D45C4FFCE746691E1EB35AB6E2432A6C7095BB14
                                                                                                                                                                              SHA-256:BD700D7B50849DCCA44AD1DF5F8CA8176FD287BA43614BC1C58A80A07A05F1E9
                                                                                                                                                                              SHA-512:227560009C898CA7AB2C0DA3885FDFA46FEC7554EEA2A914500A3E6BAA83C8861AB4585000230B80259E2C60967EACF842A13FF369AC3E6359FF2DF56796FCBC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........|RTy..Ty..Ty..]...Zy......Vy......Yy......\y......Py......Wy......Vy..Ty...y......Uy......[y......Uy......Uy......Uy..RichTy..........PE..d...]..c.........." ...".p...................................................0............`..........................................,..P....)....... ...........&...........-..........................................@...........................................UPX0....................................UPX1.....p.......h..................@....rsrc........ .......l..............@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_elementtree.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):57728
                                                                                                                                                                              Entropy (8bit):7.85453514732653
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:0YHU3h8YD0+hYyGPAtMZCs9CqomP0etyDX+HIg1f+A7SyyPx:cH0IY1a1ACqfceQDXiIg1f+AMx
                                                                                                                                                                              MD5:9E2426692E6D7A36F019625875CAC388
                                                                                                                                                                              SHA1:4069C3CF9FEF91D38AA89629D8BCDC2B98557A70
                                                                                                                                                                              SHA-256:4B01D1EEB4374C473AB582391559801A8284C3435D190987D78BACCCEB3DEC67
                                                                                                                                                                              SHA-512:BDF7608E211C7366ADD9A4763FCA617440A2BD96C9BC4B4EFD1AEB088130D084228F6BDF5EB3F5D6484040B053BE6BDBA9233EFDD5F3A79A0A0F467D8F3E1838
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\......I...I...I..4I...IW.H...IW.H...IW.H...IW.H...I..H...I..H...I...I...I..H...I..H...I..XI...I..H...IRich...I................PE..d...Z..c.........." ...".........p..P........................................@............`.........................................H;..X....9.......0.......................;......................................P&..@...........................................UPX0.....p..............................UPX1................................@....rsrc........0......................@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_hashlib.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34680
                                                                                                                                                                              Entropy (8bit):7.678051977950942
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:aMr1cXZ83zNDKJ/KDQ79/HfphrLIg5IzVYiSyvCPxWEpp2:a4nzKUQ79fHrLIg5IzV7SyKPxk
                                                                                                                                                                              MD5:9B98AB14CC78EAD3B6E25DEAA45B66DB
                                                                                                                                                                              SHA1:A49B4621A592FD1FE09BF9638917407C7DF4450E
                                                                                                                                                                              SHA-256:71C588C4D87A06ACB3275537783FF34950E6DD651365545FAC42C53ED5FBA182
                                                                                                                                                                              SHA-512:2FCE844285E7F1A8CCA88E80B132DA736FFA3EFB50A498DAF687546EA410148693EF5D31D9DA2A68784BCFD3E15E34D13C3868A90A814ECFABE006D911769CFC
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_.A.>...>...>...F2..>...B...>...B...>...B...>...B...>..iB...>...L...>...D...>...>..Q>..iB...>..iB...>..iB^..>..iB...>..Rich.>..........................PE..d...y..c.........." ...".P..........P .......................................@............`..........................................;..P....9.......0..........,............;......................................P,..@...........................................UPX0....................................UPX1.....P.......N..................@....rsrc........0.......R..............@......................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_lzma.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):86392
                                                                                                                                                                              Entropy (8bit):7.918810405808846
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:M7Zh3A5zFTPuztVVQW1AyOXEyvYsnHUZK+K+k6VgR0ZIge1Vq7SysPxGJ:+vA5utzWfXE0V0ZK+K+aqIge1VqaxC
                                                                                                                                                                              MD5:D79BDFEB08765CEDCB612CACF40CB667
                                                                                                                                                                              SHA1:9008847FB90A7BCB84D6EBBB34611022A8118CB8
                                                                                                                                                                              SHA-256:7909A4571B1AF1F5ABA469F6C2A642C1FBDC949890C96A89F4782A53A7FB5471
                                                                                                                                                                              SHA-512:D53D11E75EF590E8578AF5CB8BE71FE77930F9CFDED89C1AFA0BB1D04410432CD655D4D4287C0C7C547D9C667DBA7D2BD51ECFDA727FB312BC2C38993C1360BE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.*[&.D.&.D.&.D./...".D.i.E.$.D.i.A.*.D.i.@...D.i.G.%.D...E.%.D...E.$.D.&.E.@.D...I...D...D.'.D....'.D...F.'.D.Rich&.D.................PE..d...|..c.........." ...". ................................................................`.........................................4...L....................P..........................................................@...........................................UPX0....................................UPX1..... ..........................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_multiprocessing.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):25984
                                                                                                                                                                              Entropy (8bit):7.483615233372235
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:G1y6HNbpr+8C6P8oIh1ml35pwLfIgRtzKYiSyvWTPxWEpt:E9+8FP8oIhcl38LfIgRtzK7Sy+TPx
                                                                                                                                                                              MD5:C74169F61EC1D5FEEC87E9C749FC75F0
                                                                                                                                                                              SHA1:08FCBACDD29EB860EA50123DC9D4F457E5A52BF7
                                                                                                                                                                              SHA-256:6432A9F49D59644BF4C675767FABD16A59366AF15A6EBEE89C19E4A38FB3A255
                                                                                                                                                                              SHA-512:E5AE126F10D1FE053DD6A94CA9AF52A8B46B3D3134D00574B438C57CCFA663030FDD310218F315A46CBCDB56C70E0C745088A95F1525DDFC9F016387D3149AF8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........$Z*.E4y.E4y.E4y.=.y.E4y.95x.E4y.91x.E4y.90x.E4y.97x.E4yS95x.E4y.E5y.E4y?75x.E4yS99x.E4yS94x.E4yS9.y.E4yS96x.E4yRich.E4y........................PE..d...^..c.........." ...".0..........`.....................................................`.........................................4...`....................`......................................................p...@...........................................UPX0....................................UPX1.....0.......,..................@....rsrc................0..............@..............................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_overlapped.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):31608
                                                                                                                                                                              Entropy (8bit):7.63282640122239
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:t1y7nU3hzFXN/55epdLRIgstjdYiSyvwPxWEpuI:iTU3hJR55YLRIgstjd7Sy4PxT
                                                                                                                                                                              MD5:7F766374428A6D7390724F659239CE69
                                                                                                                                                                              SHA1:C69BE06CB7D8257F42D03815164323A746C525FA
                                                                                                                                                                              SHA-256:40588139AE6EBA475E5AB00D90EED826AA374B7D335298D106DC81153142E19D
                                                                                                                                                                              SHA-512:4515F80E09281AE5BD619FB881E6A4683AC854C2C85F5D010AA2CD3600A08CCB80BDAE48320C8582DEAFE41B0A7D0996A88BCE38A66C97721C0772519D22B933
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........({..F(..F(..F(...(..F(.G)..F(.C)..F(.B)..F(.E)..F(?.G)..F(..G(..F(S.G)..F(S.B)..F(?.K)..F(?.F)..F(?..(..F(?.D)..F(Rich..F(........PE..d..._..c.........." ...".P..........`........................................ ............`.........................................x...X...........................................................................p...@...........................................UPX0....................................UPX1.....P.......B..................@....rsrc................F..............@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_queue.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):24952
                                                                                                                                                                              Entropy (8bit):7.456910709079255
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:50Psz9rLZgNhzHjl1KyroRaiRhZa7gJXrLIg7UzNGIYiSy1pCQWvXdPxh8E9VF04:HihFq/Dp7LIg7UzFYiSyvqdPxWEpnl
                                                                                                                                                                              MD5:8B91D1DE78B7E337AD267CFEB5C22B15
                                                                                                                                                                              SHA1:F1F7D67859AD0007F1A4968A82AC0281829FA61C
                                                                                                                                                                              SHA-256:981A27EFF5E45B819C295CD669C905BEC18FAF661FB5183F255932B627D008D5
                                                                                                                                                                              SHA-512:C52EA0BEF75B33C912F089654AF75AA684FB8337D452E326A2A0A764380C35219C1B8B8C979694BFF1EB0B32AAF1DDE98DE4EC51B88E332545FF703E89EA0366
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._XF.1.F.1.F.1.O..D.1...0.D.1...4.J.1...5.N.1...2.E.1...0.E.1...0.D.1.F.0...1...<.G.1...1.G.1.....G.1...3.G.1.RichF.1.................PE..d...^..c.........." ...".0................................................................`.............................................L.......P............`..............<...........................................@...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_socket.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):42880
                                                                                                                                                                              Entropy (8bit):7.710841299108455
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:/SQ8MABQICeXD2rh0Lkl3CIm9nuwZA7hpJ7eIgQwuFOYiSyvzCPxWEp6Xg:/STieXEho1DIrl7eIgQwuFO7Sy2Pxe
                                                                                                                                                                              MD5:98B4B4B16B28CEA6BC7AD21E5B7099CB
                                                                                                                                                                              SHA1:3D68D473E621AE6F4EA8D45F009D76FD31754A97
                                                                                                                                                                              SHA-256:604C46E40E85EE8CFDE8B6092D4785BB4C6B1C3692E648CE30FBABC119527014
                                                                                                                                                                              SHA-512:E587EF54944D77189666C2F3EF9A4E27EBC17FA53BA12FBAB6246815435BD63E7DF4634B34F44B9E112F89F4CD56CAAF1AF066E14102D8C7FCCF0355D2CC454C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z..|4..|4..|4......|4...5..|4...1..|4...0..|4...7..|4...5..|4..|5..|4.y.5..|4...9..|4...4..|4......|4...6..|4.Rich.|4.........................PE..d...|..c.........." ...".p...........m....................................................`.............................................P.......h............ ..x...........X........................................y..@...........................................UPX0....................................UPX1.....p.......l..................@....rsrc................p..............@..............................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_sqlite3.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):56184
                                                                                                                                                                              Entropy (8bit):7.834741626536656
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:G1OB9LTyHEhkBFl8+Lsq4RrbolIg5Qen7Syg4iPxykb:N/LTyHRTZY/b+Ig5Qen0xykb
                                                                                                                                                                              MD5:E9416CF93F5A6D79C432ED804B2CAC8A
                                                                                                                                                                              SHA1:C30B104DA037C5B56D8C069209E1366F388028F6
                                                                                                                                                                              SHA-256:1E4BFDE379DB70D10D79FF44596C6D8F85685C0D684273DE58DE4AB62AF7702A
                                                                                                                                                                              SHA-512:403106745493B68DDB55BEED689757B141921BD9E9D175C3FC08A34556C0C9FE7C38B290CB01FB5B704FD06B6D90F0B77720118E7E0031F1DAC8322380795213
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}...}...}....n..}.......}.......}.......}.......}.......}..s....}.......}...}...|..s...}..s....}..s....}..s....}..Rich.}..................PE..d...~..c.........." ...".........`..`....p...................................0............`..........................................+..P....)....... .......................+..$...................................`...@...........................................UPX0.....`..............................UPX1.........p......................@....rsrc........ ......................@..............................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_ssl.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):62336
                                                                                                                                                                              Entropy (8bit):7.846502004059771
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:go6ll/oOM5AGIyI1asq3YGDT70ma70ZIgt7l7b7SyzPx:s/6AGLIcsq3YGn70mSWIgt7l3Zx
                                                                                                                                                                              MD5:CD4CD236DFD476E629C5E30597D0B5D6
                                                                                                                                                                              SHA1:49DF5575ECF1F58F3F61DAA979518F43D6FDE86A
                                                                                                                                                                              SHA-256:0713D93A6C083F2AB1391DC78AD5D897C1EF4EEF8A71648213D6631F0B6843E5
                                                                                                                                                                              SHA-512:829B72F81CFE3563ADA7EA71D815B1A4772469A3624DFF600EA1A532B3AAC554A4F3A64950087F6D05B67BEBE937244FF75A9EEAF03B3F80FD883E7D52F859FE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,z..h.g,h.g,h.g,ac.,n.g,'gf-j.g,'gb-e.g,'gc-`.g,'gd-k.g,.gf-j.g,.af-l.g,h.f,..g,.if-o.g,.gj-j.g,.gg-i.g,.g.,i.g,.ge-i.g,Richh.g,........PE..d......c.........." ..."............0.....................................................`.........................................p...d....................P......................................................@...@...........................................UPX0....................................UPX1................................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_uuid.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):22400
                                                                                                                                                                              Entropy (8bit):7.357515689939351
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:1bjUslT2soxkYumZa7gJXTUIgewTYpIYiSy1pCQwpxPxh8E9VF0Ny82e:lj3lzmpDUIgewTnYiSyvIPxWEuV
                                                                                                                                                                              MD5:ADFCDA65B24DBA25A281160C8E2549B6
                                                                                                                                                                              SHA1:052D2B22AFB1442025B5FF22501E18CCCC017D04
                                                                                                                                                                              SHA-256:CFDA1EC3A28982545816B037799C0D1C089AD82D0A255EFC97B23FF60571373C
                                                                                                                                                                              SHA-512:76F45FB36E614FD96498BBB6A3DE00730D12F4BF7F89A63F3F9D75A66C8598AB105D1ACBB53227437B9A89B8FD81E6D6FBB059E62247BBED01815A4C0F6A52C5
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;$p^ZJ#^ZJ#^ZJ#W".#\ZJ#.&K"\ZJ#.&O"RZJ#.&N"VZJ#.&I"]ZJ#.&K"\ZJ#.(K"[ZJ#^ZK#tZJ#.&B"_ZJ#.&J"_ZJ#.&.#_ZJ#.&H"_ZJ#Rich^ZJ#................PE..d...f..c.........." ...". .......`.......p................................................`.........................................8...L....................@..........................................................@...........................................UPX0.....`..............................UPX1..... ...p......................@....rsrc................"..............@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\_win32sysloader.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11776
                                                                                                                                                                              Entropy (8bit):6.767790957922714
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:yvKadimkU6KnFt4Zdcpbd8m5O4Ejaeg2JwjokYj273QJXhcz3/dQfD:i4KFtycpbd8EObY2JwjoZa7gJX23/dQf
                                                                                                                                                                              MD5:BC094CA649DE51B02C223F6DB74094FB
                                                                                                                                                                              SHA1:F486B3A3065199776C1F40496F4772DF852AB49E
                                                                                                                                                                              SHA-256:360B80B4B7857744819F1E2F3729979614F30FE9B91F87878D798762F2445D59
                                                                                                                                                                              SHA-512:6F2F1DDC6A4006BA415CE3ABA779E8E15CC92B6C2E046ABA89B1AAB3DB512D85F5EB07AE85B17722ED7DD70E21717E0676ADB8EA057067F8E9B7A8452E8FA455
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d.f. ... ... ...).."...r..."...4..."...r...+...r...(...r...#.......#... ...........!.......!.......!...Rich ...........PE..d......d.........." .....0.......... .....................................................`.............................................`...x...P.......x....`..............(....................................... ...8...........................................UPX0....................................UPX1.....0.......$..................@....rsrc................(..............@......................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\base_library.zip

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1750366
                                                                                                                                                                              Entropy (8bit):5.576177691192624
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:mQR5pATt7xm4lUKdcubgAnyfbGD0iwhpM2dYf9P3sLdTZLdma0uHHR:mQR5pQxmij+bLgaJ
                                                                                                                                                                              MD5:E9C28BC7AE0276A2413D913FABE101CC
                                                                                                                                                                              SHA1:BAEFB0B00EAC192113737106BC76B02244C17838
                                                                                                                                                                              SHA-256:7ECD1DFE0DCC82C2E595729CB238ACB890326ADC87136334CE9C21A5F0C847BF
                                                                                                                                                                              SHA-512:C25532849462E0DC1E3E7FD5F0DCC93A5DC18C7B29920819143EC30FEC899F98CB8A538AB0084B9BA91F62705DE3DEDEDEF6ACFAE02DAF1EFCEABAC3819804E9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:PK..........!.h%..b...b......._collections_abc.pyc............................................d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.........................Z...e.d...............Z.d...Z...e.e...............Z.[.g.d...Z.d.Z...e...e.d.............................Z...e...e...e...........................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.i.................................................................Z...e...e.g.............................Z...e...e...e.g...........................................Z...e...e...e.d...........................................Z...e...e...e.d.d.z.............................................Z...e...e...e...........................................Z...e...e.d.............................Z ..e...e.d.............................Z!..e...e...e"..........................................Z#..e.i.......................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\certifi\cacert.pem

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):275233
                                                                                                                                                                              Entropy (8bit):6.04917730761317
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:QW1H/M8fRR0mNplkXCRrVADwYCuCigT/Q5MSRqNb7d8N:QWN/TRLNLWCRrI55MWavdA
                                                                                                                                                                              MD5:59A15F9A93DCDAA5BFCA246B84FA936A
                                                                                                                                                                              SHA1:7F295EA74FC7ED0AF0E92BE08071FB0B76C8509E
                                                                                                                                                                              SHA-256:2C11C3CE08FFC40D390319C72BC10D4F908E9C634494D65ED2CBC550731FD524
                                                                                                                                                                              SHA-512:746157A0FCEDC67120C2A194A759FA8D8E1F84837E740F379566F260E41AA96B8D4EA18E967E3D1AA1D65D5DE30453446D8A8C37C636C08C6A3741387483A7D7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\INSTALLER

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:pip.

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\LICENSE

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):323
                                                                                                                                                                              Entropy (8bit):4.554768229532207
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6:h9Co8FyQjkDYc5tWreLBF/pn2mHr2DASvUSBT5+FL8tjivzn:h9aVM/mrGzRsvUSBT5+J8li7n
                                                                                                                                                                              MD5:BF405A8056A6647E7D077B0E7BC36ABA
                                                                                                                                                                              SHA1:36C43938EFD5C62DDEC283557007E4BDFB4E0797
                                                                                                                                                                              SHA-256:43DAD2CC752AB721CD9A9F36ECE70FB53AB7713551F2D3D8694D8E8C5A06D6E2
                                                                                                                                                                              SHA-512:16590110B2F659D9C131B2093E05D30919A67368154305DCFE8D54FB88525F49F9F9F385A77BA5BCBEA8092061011D72B1BCC65CDC784BCFDDE10CE4DCE5586F
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses...The code used in the OS random engine is derived from CPython, and is licensed.under the terms of the PSF License Agreement..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\LICENSE.APACHE

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11360
                                                                                                                                                                              Entropy (8bit):4.426756947907149
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                              MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                              SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                              SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                              SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\LICENSE.BSD

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1532
                                                                                                                                                                              Entropy (8bit):5.058591167088024
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                              MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                              SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                              SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                              SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\LICENSE.PSF

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2415
                                                                                                                                                                              Entropy (8bit):5.015031803022437
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:xUXyp7TEJzIXFCPXB/XF/gwHsV3XF2iDaGkiCXF1u0A2s/8AMUiioTqNyPhIXF+v:KXG3EJ0EPX9rsV3ZdkZ8oAShTkyZIYAw
                                                                                                                                                                              MD5:43C37D21E1DBAD10CDDCD150BA2C0595
                                                                                                                                                                              SHA1:ACF6B1628B04FE43A99071223CDBD7B66691C264
                                                                                                                                                                              SHA-256:693EC0A662B39F995A4F252B03A6222945470C1B6F12CA02918E4EFE0DF64B9F
                                                                                                                                                                              SHA-512:96D7C63AD24F7543599F0FED919948E486B35D01694BE02D980A8BA3D2A8B5A0E42341D940841D3528F56F09A582D32B3E81DED44BB3AAD1874C92650CB08129
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:1. This LICENSE AGREEMENT is between the Python Software Foundation ("PSF"), and. the Individual or Organization ("Licensee") accessing and otherwise using Python. 2.7.12 software in source or binary form and its associated documentation...2. Subject to the terms and conditions of this License Agreement, PSF hereby. grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,. analyze, test, perform and/or display publicly, prepare derivative works,. distribute, and otherwise use Python 2.7.12 alone or in any derivative. version, provided, however, that PSF's License Agreement and PSF's notice of. copyright, i.e., "Copyright . 2001-2016 Python Software Foundation; All Rights. Reserved" are retained in Python 2.7.12 alone or in any derivative version. prepared by Licensee...3. In the event Licensee prepares a derivative work that is based on or. incorporates Python 2.7.12 or any part thereof, and wants to make the. derivative work available to ot

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\METADATA

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):5398
                                                                                                                                                                              Entropy (8bit):5.1675753019193005
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:96:Dx96pfjHk/QIHQIyzQIZQILuQIR8vtrklGovxNxvwW8GCcbGLgHnzVEQDjylerTR:zSLHkoBs/sGLINcbGL8nzVEQDjylerTR
                                                                                                                                                                              MD5:D7A101C6C59B580D416A2E913E6BCA8B
                                                                                                                                                                              SHA1:A0D954D7125F9651966BF3643E04302A83A76F1D
                                                                                                                                                                              SHA-256:F7F2EFFABF7615899C6AC4D8F7A1542F82AFB325E35C3D7A9A29A07176434BE2
                                                                                                                                                                              SHA-512:5B72B8B67B393FDB68D8DBBD98839F2C708678F6A298BD31CB030F27A6F3756D2ECFD28690501F4FD073D55F3795DFEAECFAAE09111C98DCFC5E865BC513F28A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:Metadata-Version: 2.1..Name: cryptography..Version: 39.0.0..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Home-page: https://github.com/pyca/cryptography..Author: The Python Cryptographic Authority and individual contributors..Author-email: cryptography-dev@python.org..License: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0..Project-URL: Documentation, https://cryptography.io/..Project-URL: Source, https://github.com/pyca/cryptography/..Project-URL: Issues, https://github.com/pyca/cryptography/issues..Project-URL: Changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Opera

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\RECORD

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):15818
                                                                                                                                                                              Entropy (8bit):5.540439275759415
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:1XZhFi1FbUaP0G1ywdjd5RmeYdNFGotqw+dKsqQj:1E1hUQ01w9QeX
                                                                                                                                                                              MD5:E407F96D2B581D412DE0F9DDD77AB894
                                                                                                                                                                              SHA1:A37E9E86F2A3215E5677DF031640347C8C937DDC
                                                                                                                                                                              SHA-256:061584C8F7827A27FF9742833AA6FCC3679DDEED1E0968DC94D15952103BB53E
                                                                                                                                                                              SHA-512:5A60745DC7741417D6178001945C8E2924FCFD7AFDE947210BB9ABBE438DDA9D90DF4989AD0429E72591540ED3251472ED1523955AFB04FBD6DA2292F092CCF1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:cryptography-39.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-39.0.0.dist-info/LICENSE,sha256=Q9rSzHUqtyHNmp827OcPtTq3cTVR8tPYaU2OjFoG1uI,323..cryptography-39.0.0.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-39.0.0.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-39.0.0.dist-info/LICENSE.PSF,sha256=aT7ApmKzn5laTyUrA6YiKUVHDBtvEsoCkY5O_g32S58,2415..cryptography-39.0.0.dist-info/METADATA,sha256=9_Lv-r92FYmcasTY96FUL4KvsyXjXD16mimgcXZDS-I,5398..cryptography-39.0.0.dist-info/RECORD,,..cryptography-39.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-39.0.0.dist-info/WHEEL,sha256=CFPxCuvaTIZS0h5c8o2xFStPFn1i6Rraxc2uR61QpoA,100..cryptography-39.0.0.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=NhtFVw-0uEYjXuKl7COCAUliy4IsXpQnSVM0TbWb7pk,417..cryptogr

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\WHEEL

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):100
                                                                                                                                                                              Entropy (8bit):5.000336540814903
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:RtEeX7MWcSlViJR4KgP+tkKc5vKQLn:RtBMwlVifAWK/SQLn
                                                                                                                                                                              MD5:EE841A733C96CF3371DF13B3241E752F
                                                                                                                                                                              SHA1:E6884AEF7CCFDD38C82D19182B711BE7283AA23E
                                                                                                                                                                              SHA-256:0853F10AEBDA4C8652D21E5CF28DB1152B4F167D62E91ADAC5CDAE47AD50A680
                                                                                                                                                                              SHA-512:A6127E082FD7D62CB48DD3F29FF586F020CC30EC61E2BF1963416D56F27B716F81A3C88667C65CACF25DE98F97759C965DECC7CD09DF04883ACFCC06C37FC24A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.38.4).Root-Is-Purelib: false.Tag: cp36-abi3-win_amd64..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography-39.0.0.dist-info\top_level.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):13
                                                                                                                                                                              Entropy (8bit):3.2389012566026314
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:cOv:Nv
                                                                                                                                                                              MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                              SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                              SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                              SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:cryptography.

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings\_openssl.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1371648
                                                                                                                                                                              Entropy (8bit):7.999202177614528
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:24576:G38W85WoL7UPCNVgwsshK85LRFnf7Vrf7TqOEByKOqZzU/L9U:G38fVvO0VishpL/J77OI9qZML
                                                                                                                                                                              MD5:313BDC29A0CD56DB8AE2EECD1B8EE6DA
                                                                                                                                                                              SHA1:7FA5C9E4E9AF0CFA8CC87FB1F9BB8DC8F816394C
                                                                                                                                                                              SHA-256:FCC732738FE6C8CA76F5B24FA3D19A6B9C02032ADA2EAA5924EDFDE31925F8C0
                                                                                                                                                                              SHA-512:8D55497B6A521EF389C31728960BF8E8C8A5157A3CC1C12B56944D7A6F49C1007255BBAFE4EE9584B22576608B5CDE4BB7F94A5DD7A083E0BF718ABFB6D69834
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......i8.(-Y.{-Y.{-Y.{$!w{?Y.{b%.z/Y.{b%.z Y.{b%.z%Y.{b%.z)Y.{.-.z/Y.{f!.z Y.{-Y.{.Y.{-Y.{2Y.{.%.z6Z.{.%.z,Y.{.%.z,Y.{.%.{,Y.{.%.z,Y.{Rich-Y.{........................PE..d....L.c.........." ...".........p(.PS=...(...................................=...........`..........................................u=.P....p=......p=.......:.,...........(v=.$...................................._=.@...........................................UPX0.....p(.............................UPX1..........(.....................@....rsrc........p=.....................@..............................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\cryptography\hazmat\bindings\_rust.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):407040
                                                                                                                                                                              Entropy (8bit):7.995135547571276
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:12288:XxQ9v9YrLYCIHrJwyv3/PQLb0KLgKPh2J/X:cveL/IHVRfQLbYKPY
                                                                                                                                                                              MD5:70FE398C1FBED06D0C7023C83D747BD5
                                                                                                                                                                              SHA1:137895B4514D17F5FB9C1853555D9ACC29584D45
                                                                                                                                                                              SHA-256:B51A2342D04D715B29CEDFA894A6BE3974FFF0B844E49AE8F8B3D72C9E6B4FA2
                                                                                                                                                                              SHA-512:831D309203B34E3F2360C082DC08400448DE6A588F2BAD4E3C7ADDA4548CA50009D6CDB9C6A78821A98DE48FD0C17AE5E7B082EAF6FE38B9A62BC8AFCBB48F00
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F..............N........................................J...................Y...R.......R.......Rich............................PE..d...fL.c.........." ...".0...................................................@............`.........................................$2..X....0..$............ .............|2..$........................... +..(...`,..@...........................................UPX0....................................UPX1.....0..........................@...UPX2.........0.......2..............@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\libcrypto-1_1.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1189728
                                                                                                                                                                              Entropy (8bit):7.94510802994726
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24576:GffQrZJIe6/4gho5HE1F03fkOyUU/BtSIgA0ft+rBFOWRIQ6sCY51CPwDv3uFfJv:Yf8JWwgho5HL3fknPSIKorCU1CPwDv3a
                                                                                                                                                                              MD5:8A0B20D8E0E7F225693D711D556ADC8A
                                                                                                                                                                              SHA1:9486B7BDBA3682F29F918EC22EC3D3F0DD0101FD
                                                                                                                                                                              SHA-256:0B7BA07933749E08F265CE5F9361A52CD00C86C84713DB8C7B6955E75FB8359B
                                                                                                                                                                              SHA-512:164B5138E708C494094C60084945B24C73FF345433C8231FCC79A8FA5059634374F8998B04D9A967E37CDE8AF88BD4FF4484ECA641FE112952AF4B98081D7BDA
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........a...2...2...2...2...2..3...2..3...2..3...2..3...2...2...2L.3...2..3...2..3.2..3...2..p2...2..3...2Rich...2........................PE..d...m..b.........." ... .........@%.025..P%..................................P7...........`......................................... H5......C5.h....@5......`2.............H7......................................=5.@...........................................UPX0.....@%.............................UPX1.........P%.....................@....rsrc........@5.....................@..............................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\libffi-8.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):28504
                                                                                                                                                                              Entropy (8bit):7.670274633235741
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:Op/6aepjG56w24apnpiYiSyvOPxWESW7t:MA154ypi7SymPxlp
                                                                                                                                                                              MD5:AAF07947FE7AA9980900DFD10145C32F
                                                                                                                                                                              SHA1:79B605E95C55524EF13ED130FDDB277DF121AAEE
                                                                                                                                                                              SHA-256:55210E5A2E9885C30624CDA41BF4A83B2598E661590349E7997AB28BE70569A4
                                                                                                                                                                              SHA-512:E17463ECDAD0C5FDA59197B0BFD2F35AE0580E8791EAAD5EF52C2AD876E993709FBE7B6C10E5A16EBA276C7F8163F5ACFFD86FE500652854407AE036B8BEFABE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.r...........................Y...........;....................................................Rich............PE..d....-c.........." ...!.@................................................................`.....................................................................P.......................................................@...........................................UPX0....................................UPX1.....@.......<..................@...UPX2.................@..............@......................................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\libssl-1_1.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):208224
                                                                                                                                                                              Entropy (8bit):7.921493339005434
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:kSI3oPlWLlPVVc5MpJa1pOjJnnioIZW8/Qf6bRXGKrs8qJjueW1LR/oSB6hetz:bIek5VC0FiHof6Z1rgJ63R/oS3
                                                                                                                                                                              MD5:5FBA49B16F11BEFE297103BC28F20940
                                                                                                                                                                              SHA1:412A4D12B6837314826B3AB8F868182DA12B1F1A
                                                                                                                                                                              SHA-256:CC147F1B1467D4646450B66A8E59D26980A50F36FD3176EB2701E7BD28B22C72
                                                                                                                                                                              SHA-512:62881A3B70AFEA335819CA2FAFE85711607CE526F45A628FA775574C36FF3B287D5C9B9A8449131831E15644048A5E8255C3CAE91487BD8CDD90E684748DEC98
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D.p*..p*..p*......p*...+..p*.\.+..p*.../..p*......p*...)..p*...+..p*..p+.iq*......p*...*..p*.....p*...(..p*.Rich.p*.........PE..d......b.........." ... .....P...`..@....p................................................`..........................................6..4@...3.......0...........M...........v......................................@%..@...........................................UPX0.....`..............................UPX1.........p......................@....rsrc....P...0...H..................@..............................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\markupsafe\_speedups.cp311-win_amd64.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):11776
                                                                                                                                                                              Entropy (8bit):6.890950606089194
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:Q4U3S/XaoXRjnBIMBSWKloDSMwptv5qkYj273QJXZH32:Q/S/XFhj1dKaDSMwn5qZa7gJXl2
                                                                                                                                                                              MD5:7A01EA2F4477BE758B6C93F202F076C0
                                                                                                                                                                              SHA1:BD0034E0902DF42602BE085F614ACB3D740F3B7C
                                                                                                                                                                              SHA-256:913FB351BC59141E811F24734886F79852463D65E1249D83FCF0060FAD227145
                                                                                                                                                                              SHA-512:DDF4F862A8C2904C10AB1026A0148A28488B5F5E91ACA70A24C4565A04DE008C96A69D2884C4D717B1F2D8479E4CF2C4F328ADD0C10A716366B1A33AF8454A88
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r=+.6\E.6\E.6\E.?$..4\E.y D.4\E.}$D.4\E.y @.=\E.y A.>\E.y F.5\E. D.5\E.6\D..\E.. M.7\E.. E.7\E.. ..7\E.. G.7\E.Rich6\E.........................PE..d...{..c.........." ...".0...............................................................`.........................................@...d.......P............`.........................................................@...........................................UPX0....................................UPX1.....0.......&..................@....rsrc................*..............@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\mfc140u.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):5653424
                                                                                                                                                                              Entropy (8bit):6.729277267882055
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:49152:EuEsNcEc8/CK4b11P5ViH8gw0+NVQD5stWIlE7lva8iposS9j5fzSQzs7ID+AVuS:EnL8+5fiEnQFLOAkGkzdnEVomFHKnPS
                                                                                                                                                                              MD5:03A161718F1D5E41897236D48C91AE3C
                                                                                                                                                                              SHA1:32B10EB46BAFB9F81A402CB7EFF4767418956BD4
                                                                                                                                                                              SHA-256:E06C4BD078F4690AA8874A3DEB38E802B2A16CCB602A7EDC2E077E98C05B5807
                                                                                                                                                                              SHA-512:7ABCC90E845B43D264EE18C9565C7D0CBB383BFD72B9CEBB198BA60C4A46F56DA5480DA51C90FF82957AD4C84A4799FA3EB0CEDFFAA6195F1315B3FF3DA1BE47
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q.cu...&...&...&...'...&...'...&...'...&..&...&G..'...&G..'...&...'...&...&..&G..'...&G..'...&G..'...&G..'...&G..&...&G..'...&Rich...&................PE..d....~.a.........." .....(-..X)......X,.......................................V......YV...`A..........................................:.....h.;.......?......`=..8....V..'...PU.0p..p.5.T...........................`...8............@-.P...0.:......................text....&-......(-................. ..`.rdata.......@-......,-.............@..@.data....6... <.......<.............@....pdata...8...`=..:....<.............@..@.didat..H.....?.......?.............@....rsrc.........?.......?.............@..@.reloc..0p...PU..r....T.............@..B................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\psutil\_psutil_windows.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):34816
                                                                                                                                                                              Entropy (8bit):7.7560965311162775
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:YrA/j6Vq1p3Kuu42ShVZmBKDRAdlq9gYe7JSp+AG:zjz1p3dVZmBJQgpNA
                                                                                                                                                                              MD5:55D31D658B98477659996A7DC36DD119
                                                                                                                                                                              SHA1:5A4870A490D89E740703E22B920FE9E992FDAC48
                                                                                                                                                                              SHA-256:2CC9C720FEAA8D2A0E50F49712A82B617263D1F51F063F6580101BE617566AA2
                                                                                                                                                                              SHA-512:DEF0CC34AED089ADC8526A7436586AC64ECA1244C8B9D1784C6B0E05A59A52DA4511BD02727843EAC2FC0AC14119216CE1AA65BC03261759673DA4D5FC1C0129
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.][~.3.~.3.~.3.w...t.3.,.2.|.3.,.6.r.3.,.7.v.3.,.0.z.3...2.|.3.5.2.o.3.~.2...3...;.r.3...3...3.......3...1...3.Rich~.3.........PE..d.....ic.........." ............. .......0................................................`.........................................8...`......H............P..4......................................................8...........................................UPX0..... ..............................UPX1.........0...~..................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\pyexpat.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):88448
                                                                                                                                                                              Entropy (8bit):7.9128119025350845
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:VgmuCPnZgDdQkW+4ROY6NGZakepLXthgXz0L/XPGuJYyMc4k/Pa0bXiELdqK1tIF:VgmXPn2hnoOZewXth4z0LvPGuJjQYbIF
                                                                                                                                                                              MD5:A9EE1C53C76D3C2C622A5C4649EDCBF2
                                                                                                                                                                              SHA1:C9B0E3269D9EB5E6AA47C39619F70B3E8B208924
                                                                                                                                                                              SHA-256:446F5B0E6FB174BA8F2C8FFB45D093E87F12B02B1119E9B4BAA9642C981321CE
                                                                                                                                                                              SHA-512:E256B074DBF40A662398F0B2EB909A498051E16EB7FEDCDD5AFE247F80632A60A8CB01CC5AEEC52F1D392C90B5AAAA94CA4B72ED2D3E0D4018A840D7408B2FEF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yh..=..=..=..4qu.1..ru.?..ru.0..ru.5..ru.>..u.?...{.>..=..K..u.9..u.<..u..<..u.<..Rich=..........................PE..d...c..c.........." ...". ..........00... ...................................P............`..........................................L..P....I.......@.......................L......................................0<..@...........................................UPX0....................................UPX1..... ... ......................@....rsrc........@......."..............@..............................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\python3.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):65912
                                                                                                                                                                              Entropy (8bit):6.084559408369445
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:xw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJS7:O/5k8cnzeJ4NIgQ0D7SyVPx5
                                                                                                                                                                              MD5:7FEB3DA304A2FEAD0BB07D06C6C6A151
                                                                                                                                                                              SHA1:EE4122563D9309926BA32BE201895D4905D686CE
                                                                                                                                                                              SHA-256:DDD2C77222E2C693EF73D142422D6BF37D6A37DEEAD17E70741B0AC5C9FE095B
                                                                                                                                                                              SHA-512:325568BCF1835DD3F454A74012F5D7C6877496068AD0C2421BF65E0640910AE43B06E920F4D0024277EEE1683F0CE27959843526D0070683DA0C02F1EAC0E7D2
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]{....e...e...e..fm...e..fe...e..f....e..fg...e.Rich..e.........................PE..d...S..c.........." ..."..................................................................`.........................................`...P...............................x)..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\python311.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1699192
                                                                                                                                                                              Entropy (8bit):7.993495116475973
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:24576:sVjoBVlMn/gq1hZaOLWsnL/zCKKBpZFkqbRDuNLy63vIzJcaE6aYD2/axyvHHvMX:QsCgw7L4LBpZZv635z6ai2/AMHvu
                                                                                                                                                                              MD5:5EF44EFFA518FC9B3ACDA79684381D75
                                                                                                                                                                              SHA1:DF6D1A46E691DCE3373800B188137EED4CE97DFC
                                                                                                                                                                              SHA-256:90FE310CCE48C73F05B7E678A36F2D6BB8870C316B9F12495255B60AD7787777
                                                                                                                                                                              SHA-512:CA52CCD9DEDFB03D38544CB2F5A248D52873F7EF143EE3693D2FE11E941E81C5A48DA277DBE0CDCF5B01701778BA083D0355FDFEF0C13FAA59411E7E12E5928C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Antivirus:
                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................................m....l.................y........................Rich....................PE..d...H..c.........." ..."..........D...]...D...................................^...........`.........................................H.].......].......].......V.X0...........^.....................................(.].@...........................................UPX0......D.............................UPX1..........D.....................@....rsrc.........].....................@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32\pythoncom311.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):198144
                                                                                                                                                                              Entropy (8bit):7.895790258832063
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:9CTzJRyBPsxhaPueTqxVvMCeYp3FotYqL+KYw532+i/PygB3O6h7ZKkypdir:9CTzJRyfPuBE26r+Tv+iXyb6hlkpd
                                                                                                                                                                              MD5:8F92B1BB9FB166C4B8C57B7E325296E6
                                                                                                                                                                              SHA1:9BF5C7A1715F60F15EF6D2AA5FC8890B1B4660CE
                                                                                                                                                                              SHA-256:4DD491ED1C23454029D756E46FC7F0C478AEFFBECC38DCB2E698BC1E75632B69
                                                                                                                                                                              SHA-512:0760982C079599A7895C3F4052B9380B9E341621B3A2C59109920D13F12C05C6EBA6F802C09934269823209A8BE6A2114C454C0390A8278A9253A4D2CD671104
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........`...3...3...3..\3...3...2...3...2...3...2...3...2...3...2...3U..2...3...2...3...3..3U..2..3U..2...3U..2...3Rich...3................PE..d...f..d.........." .........p...... 7....................................................`.........................................0W...c..pS.......P..p....@...z.................................................0C..8...........................................UPX0....................................UPX1................................@....rsrc....p...P...l..................@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\pywin32_system32\pywintypes311.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):63488
                                                                                                                                                                              Entropy (8bit):7.565926149787715
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:768:VjPpDPKuASjw7XqXcK+yhDzC8mgnC6cD+g90EKiv53YF2a/npFUQLJ6uxQEZOVPi:VdASj2XeBz3m7Sg9xeUQLJhm8eq
                                                                                                                                                                              MD5:BD26E7E8C402CFEDFB28C04C401EDD56
                                                                                                                                                                              SHA1:DE09348E6E53A2BD02D601E91ECD10D239F726F5
                                                                                                                                                                              SHA-256:48A59A866181DF73ED1864C6E14354C95E5C31605C9E6B2DD5DAA6595A95888F
                                                                                                                                                                              SHA-512:B567E532D31BEE3345D856CDD275C3453F7BA8B0CA80324CF871EC06394890C0B735A3FA6B8515979D9EA66B6CFBC3BC336612DA838B0CEA4CB9E986538AE404
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.$g..wg..wg..wn.[wk..w5..vc..w..5wf..w5..vs..w5..vo..w5..vd..ws..vf..w...ve..ws..vl..wg..w...w...vj..w...vf..w...vf..wRichg..w........PE..d......d.........." .........P.......z....................................................`.........................................p...`B..p...........p.......L......................................................8...........................................UPX0....................................UPX1................................@....rsrc....P.......J..................@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\select.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):24960
                                                                                                                                                                              Entropy (8bit):7.407226344946657
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:APUAW1guHrhE14cZa7gJXZbdIg7Gz6RIYiSy1pCQm3MnfPxh8E9VF0NyyRt:APjW1J8pJbdIg7GzpYiSyvwMfPxWEo
                                                                                                                                                                              MD5:CCDB37C527CE2DB915E3701EE204C7DD
                                                                                                                                                                              SHA1:8454BC2761504EA11FBAA6F2683BBCA36A3989A9
                                                                                                                                                                              SHA-256:0F8D10473924F0BEE9430BE8824F8BD626FA4EFAF98CDC10EEE64E70DD4EF3F0
                                                                                                                                                                              SHA-512:3E04FECF39585445F2541D5EE16C3E522770DAA9B1778A5E51DB68261D4080E1B5373DED5A9A46F5F2204DE1049BE85814F86B28DD882CED8CFF0632C34B70D7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........].t.<t'.<t'.<t'.D.'.<t'.@u&.<t'.@q&.<t'.@p&.<t'.@w&.<t'i@u&.<t'.<u'.<t'.Nu&.<t'i@y&.<t'i@t&.<t'i@.'.<t'i@v&.<t'Rich.<t'................PE..d...^..c.........." ...".0................................................................`......................................... ...L....................`..............l...........................................@...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info\INSTALLER

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:pip.

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info\LICENSE

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1050
                                                                                                                                                                              Entropy (8bit):5.072538194763298
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                              MD5:7A7126E068206290F3FE9F8D6C713EA6
                                                                                                                                                                              SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                                                                                                                                                                              SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                                                                                                                                                                              SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info\METADATA

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6301
                                                                                                                                                                              Entropy (8bit):5.107162422517841
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:W4rkAIG0wRg8wbNDdq6T9927uoU/GBpHFwTZ:Sq0wRg8wbNDdBh927uoU/GBRFi
                                                                                                                                                                              MD5:9E59BD13BB75B38EB7962BF64AC30D6F
                                                                                                                                                                              SHA1:70F6A68B42695D1BFA55ACB63D8D3351352B2AAC
                                                                                                                                                                              SHA-256:80C7A3B78EA0DFF1F57855EE795E7D33842A0827AA1EF4EE17EC97172A80C892
                                                                                                                                                                              SHA-512:67AC61739692ECC249EBDC8F5E1089F68874DCD65365DB1C389FDD0CECE381591A30B99A2774B8CAAA00E104F3E35FF3745AFF6F5F0781289368398008537AE7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: setuptools.Version: 65.5.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.Project-URL: Documentation, https://setuptools.pypa.io/.Project-URL: Changelog, https://setuptools.pypa.io/en/stable/history.html.Keywords: CPAN PyPI distutils eggs package management.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.7.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requi

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info\RECORD

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):37694
                                                                                                                                                                              Entropy (8bit):5.555787611309118
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:vSzcBlShgRUhbul9nXJkpIVh498WjXYH0+5+E/8mrnaDoaQP7IOQRJqxBPgof2yd:vc853yQXYAY8AKCT9r2/GsIVxE9Im
                                                                                                                                                                              MD5:087F72A04BB085627494651E36C4C513
                                                                                                                                                                              SHA1:1E39070E246F91D8926268A033C6F584E629E2DE
                                                                                                                                                                              SHA-256:BFB77A968E06417BD37023BF1A2D7F1AAE9D8E74231665D6699D5BB82BDBD7B0
                                                                                                                                                                              SHA-512:39CE042A20324C6B63A192D70E56B36318C45D04B810A6BD333D1D40B6DAAD947AFB9156C003BC86C700A59F0F25753416D754DA06C808814920F92582CB6058
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:_distutils_hack/__init__.py,sha256=TSekhUW1fdE3rjU3b88ybSBkJxCEpIeWBob4cEuU3ko,6128.._distutils_hack/__pycache__/__init__.cpython-311.pyc,,.._distutils_hack/__pycache__/override.cpython-311.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=JjjOniUA5XKl4N5_rtZmHrVp0baW_LoHsN0iPaX10iQ,151..pkg_resources/__init__.py,sha256=fT5Y3P1tcSX8sJomClUU10WHeFmvqyNZM4UZHzdpAvg,108568..pkg_resources/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/zipp.cpython-311.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/importlib_resources/__init__.py,sha256=evPm12kLgYqTm-pbzm60bOuumumT8IpBNWFp0uMyrzE,506..pkg_resources/_vendor/importli

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info\WHEEL

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):92
                                                                                                                                                                              Entropy (8bit):4.820827594031884
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:RtEeX7MWcSlViZHKRRP+tPCCfA5S:RtBMwlViojWBBf
                                                                                                                                                                              MD5:4D57030133E279CEB6A8236264823DFD
                                                                                                                                                                              SHA1:0FDC3988857C560E55D6C36DCC56EE21A51C196D
                                                                                                                                                                              SHA-256:1B5E87E00DC87A84269CEAD8578B9E6462928E18A95F1F3373C9EEF451A5BCC0
                                                                                                                                                                              SHA-512:CD98F2A416AC1B13BA82AF073D0819C0EA7C095079143CAB83037D48E9A5450D410DC5CF6B6CFF3F719544EDF1C5F0C7E32E87B746F1C04FE56FAFD614B39826
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info\entry_points.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2740
                                                                                                                                                                              Entropy (8bit):4.540737240939103
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:lELcZDy3g6ySDsm90rZh2Phv4hhpTqTog:yLAP8arZoP94hTTqcg
                                                                                                                                                                              MD5:D3262B65DB35BFFAAC248075345A266C
                                                                                                                                                                              SHA1:93AD6FE5A696252B9DEF334D182432CDA2237D1D
                                                                                                                                                                              SHA-256:DEC880BB89189B5C9B1491C9EE8A2AA57E53016EF41A2B69F5D71D1C2FBB0453
                                                                                                                                                                              SHA-512:1726750B22A645F5537C20ADDF23E3D3BAD851CD4BDBA0F9666F9F6B0DC848F9919D7AF8AD8847BD4F18D0F8585DDE51AFBAE6A4CAD75008C3210D17241E0291
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build = setuptools.command.build:build.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.editable_wheel = setuptools.command.editable_wheel:editable_wheel.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.seto

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\setuptools-65.5.0.dist-info\top_level.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                              Entropy (8bit):3.9115956018096876
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                                                                              MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                                                                              SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                                                                              SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                                                                              SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:_distutils_hack.pkg_resources.setuptools.

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\sqlite3.dll

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):620920
                                                                                                                                                                              Entropy (8bit):7.993451576457064
                                                                                                                                                                              Encrypted:true
                                                                                                                                                                              SSDEEP:12288:rgPcKFOk/OXN05Ve41KUm+Iea2ibJyK8pIL4N1hFmCF/MiYqB9XD:rY/GXNsl1KUmfeaxJyHbNvnWiY2dD
                                                                                                                                                                              MD5:7CD1CD64D98720D2E176054724756E69
                                                                                                                                                                              SHA1:AA6D4EA48E7FDFCD776E28914672172A941C63D6
                                                                                                                                                                              SHA-256:5689AA68ECCF0D85F6B3F1D6231F61E62B0F4552887537D820FF9CBEB9B9F71A
                                                                                                                                                                              SHA-512:5066DA82584D0CF4CCCD878D8FE1D61DEDF56D11F348E1B957056268F0FBA0B392D02F6E19465304EABAFD2E3B48B1A7BBF5648988BDD81D3F53FFBDEF0ECB32
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......CG;..&U..&U..&U..^..&U.HZT..&U.HZP..&U.HZQ..&U.HZV..&U..TT..&U..&T..&U..Z]..&U..ZU..&U..Z...&U..ZW..&U.Rich.&U.................PE..d...z..c.........." ...". ...0...........................................................`.............................................d"......................D...........x...........................................@...........................................UPX0....................................UPX1..... ..........................@....rsrc....0..........."..............@..............................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\unicodedata.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):301432
                                                                                                                                                                              Entropy (8bit):7.986416912542255
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:fk/eNEUS5iN6K4ERR0zp+jLMDT09vIo0EjN4r1AigfogldUDnHWM:fkgEzQwERR0snKw9AsBc1AigDldUj2M
                                                                                                                                                                              MD5:54386C35A62C1A9EB63A29863F623A63
                                                                                                                                                                              SHA1:7BB961B23816D30B727448C20BB65A57F64C95A1
                                                                                                                                                                              SHA-256:8066BE8A9E752BE80AFFF19FB21449998964DC8882CBE947230629AB21DC1009
                                                                                                                                                                              SHA-512:F7294832EDC2E0BF87359BEE12D60AAC6EB397BCDD848317C0444A22B855F986D7C550A0268BF47902D78E9F0AECD206EE487E2081DEE6665158F0CEB327E5E6
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0...t..t..t..}...r..;...v..;...y..;...|..;...w.....w......v..t..%.....u.....u...y.u.....u..Richt..........PE..d...j..c.........." ...".`.......@.......P................................................`.............................................X....................P..0.......................................................@...........................................UPX0.....@..............................UPX1.....`...P...^..................@....rsrc................b..............@..............................................................................................................................................................................................................................................................................................................................................................4.01.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\INSTALLER

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:pip.

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\LICENSE.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1107
                                                                                                                                                                              Entropy (8bit):5.115074330424529
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                              MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                              SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                              SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                              SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\METADATA

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):2110
                                                                                                                                                                              Entropy (8bit):5.079816448039822
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:DEr3Cnd+p8d+zYMPktjYliwqlT8RfkD1UKd+mOl1Awro:DEryQPzYMPktjY0lZOfsUzmbYo
                                                                                                                                                                              MD5:DE219A939E825026ECA4485DD660051B
                                                                                                                                                                              SHA1:78088B1C0B345E2F64603D13A48DF2712B7BAB56
                                                                                                                                                                              SHA-256:DE3E0A81564263B799C8EAF00CA6284EE01C7EBFE05C06F1C75C86851F43B2C0
                                                                                                                                                                              SHA-512:72906090078BB5A5A9B1E6DFD1FAD9ED9523F7134A6CD10F0E0993C3CC2EC98A0C8733E0608BD3E8947627A673C2368BE7E10E6CA84BED9EA18301826BF90D7B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.38.4.Summary: A built-package format for Python.Home-page: https://github.com/pypa/wheel.Author: Daniel Holth.Author-email: dholth@fastmail.fm.Maintainer: Alex Gr.nholm.Maintainer-email: alex.gronholm@nextday.fi.License: MIT.Project-URL: Documentation, https://wheel.readthedocs.io/.Project-URL: Changelog, https://wheel.readthedocs.io/en/stable/news.html.Project-URL: Issue Tracker, https://github.com/pypa/wheel/issues.Keywords: wheel,packaging.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Cl

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\RECORD

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):3013
                                                                                                                                                                              Entropy (8bit):5.755268031363657
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:48:sxonuXnaTCJes5JWEELHlJp1fL9TPdL01iPeTQTw7bIHt6He87Ny9WFmm2inJP93:sZX3pvUp1f1Px0cGTQTw7bIHoHe8Eem8
                                                                                                                                                                              MD5:D380C974803242E81D399D73CC9C70EB
                                                                                                                                                                              SHA1:1F00B8E8ED7AFA99F3433B594F6061588BBCFB41
                                                                                                                                                                              SHA-256:1C3A184CCEC903A05A38BF16BA5912B4E16E305459AFD5EE5B9514194434B807
                                                                                                                                                                              SHA-512:E53A4C023EE418E6B8AA63A51A3A1E0E4A73259C0B87180A4A498566C4A7ACCDF55B0202265DE6FF2B83C14588C8307DEEC0185B6EA388F85779E2A251FF3C48
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:../../Scripts/wheel.exe,sha256=5ROiBnsNk-LUHgEqRJ56wChY_eW0HIiw8ur0Xnu5ljA,108409..wheel-0.38.4.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.38.4.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.38.4.dist-info/METADATA,sha256=3j4KgVZCY7eZyOrwDKYoTuAcfr_gXAbxx1yGhR9DssA,2110..wheel-0.38.4.dist-info/RECORD,,..wheel-0.38.4.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.38.4.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92..wheel-0.38.4.dist-info/entry_points.txt,sha256=krg-iHKefnsk1qvNLDkZP3-4Aq3J0F_zJaathht0JBI,107..wheel-0.38.4.dist-info/top_level.txt,sha256=HxSBIbgEstMPe4eFawhA66Mq-QYHMopXVoAncfjb_1c,6..wheel/__init__.py,sha256=2wJrg-twJVHIbVXveZjxyMtxjelZOVff9bnhTBt3eec,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-311.pyc,,..wheel/__pycache__/__main__.cpython-311.pyc,,..wheel/__pycache__/_

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\WHEEL

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):92
                                                                                                                                                                              Entropy (8bit):4.842566724466667
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:RtEeX7MWcSlViJR4KgP+tPCCfA5S:RtBMwlVifAWBBf
                                                                                                                                                                              MD5:88F09A0EC874FD86ABCB9BC4E265B874
                                                                                                                                                                              SHA1:786AB44FFD2F5C632B4DC5C1BF4AA2E91E579A05
                                                                                                                                                                              SHA-256:DB07A93359E4E034B8785A58AD6D534EA3DCA0635F1E184EFE2E66E1C3A299BA
                                                                                                                                                                              SHA-512:7FFEF1EC782D590D2879294C2895A5A8064ECD5FE7243CF602FCCE66A8A715F64436F17CE96070B613123847EE0C18AB0AA5BC87DB13E98A792DC07DD95E4BAB
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.38.4).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\entry_points.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):107
                                                                                                                                                                              Entropy (8bit):4.342519230938833
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:1SSAsVYgh+MWTMhk6WjwVM5t51:1rb9WTMhk9jSM5t51
                                                                                                                                                                              MD5:E22AAD144EDBF017364A51BA641F9D7F
                                                                                                                                                                              SHA1:BB05840311BB133605C6CDBDF48054CEF9EB26F2
                                                                                                                                                                              SHA-256:92B83E88729E7E7B24D6ABCD2C39193F7FB802ADC9D05FF325A6AD861B742412
                                                                                                                                                                              SHA-512:E30D21B4A9FC1D174EEFA3E96D5A05415546336E785DCB606B3BC3233C24E52BDB2E31713118D26EC446DEC7FFA60834A201C9AF706FC45EC924D1C3B93711AE
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:[console_scripts].wheel = wheel.cli:main..[distutils.commands].bdist_wheel = wheel.bdist_wheel:bdist_wheel.

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\wheel-0.38.4.dist-info\top_level.txt

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):6
                                                                                                                                                                              Entropy (8bit):2.2516291673878226
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:/sv:/sv
                                                                                                                                                                              MD5:EF72659542687B41FB1A4225120F41FA
                                                                                                                                                                              SHA1:3EF6EE742B2E851DEA1F754CE60A1FC222194799
                                                                                                                                                                              SHA-256:1F148121B804B2D30F7B87856B0840EBA32AF90607328A5756802771F8DBFF57
                                                                                                                                                                              SHA-512:A16A6E11367C986B2A7B38C491943B28F402081D3E2D41474C9E61BE44941133E87CB821750AD27A1E46FA2AFF9F93B8584C37247BDE219ABAC12D3D6EE4477C
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:wheel.

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\win32api.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):49664
                                                                                                                                                                              Entropy (8bit):7.836565472890682
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:C3ykyksFORBuqvb905yb8/z0lyUSxsur8kR2e:2ykUeXZ2UK8k8e
                                                                                                                                                                              MD5:9F69C69C7380725B2804C86757F69DC3
                                                                                                                                                                              SHA1:7F88B10A53D0A9205E940C8881B47006592A90DE
                                                                                                                                                                              SHA-256:5BC34FB950F104C0C5C4762B43C122A63A22E81D8BD77BE1D325D89592122A4B
                                                                                                                                                                              SHA-512:1023B4379BE8B09B7C05890126AE00513D0168B2D87168C2AF4340D9D7DED9FAE5E371DC813D6090A01C17E74FA3EF2E6B73FAAC85263EE42A2B1998DA772E2B
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I^.f'..f'..f'......f'...&..f'...#..f'...$..f'.o.&..f'..."..f'...&..f'..f&..g'.o....f'.o.'..f'.o.%..f'.Rich.f'.................PE..d......d.........." ................P.....................................................`.........................................(.......`...........`...........................................................P...8.......................@...................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\win32com\shell\shell.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):152576
                                                                                                                                                                              Entropy (8bit):7.973410261647366
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3072:F7wkiU3NxONgsJGCX0UU5xF9pudcyDx35s4nFD+mNNRhFVe2j/GchH:Nw5ENcNiCWxF98dck7+Ihmfc
                                                                                                                                                                              MD5:4C5C19FD127C4518F218103CAD668604
                                                                                                                                                                              SHA1:B41581160B7C2D549A7DF0B8648805C2D920F19C
                                                                                                                                                                              SHA-256:794D2B283E088AF4BB6FA2AC49138649E46FD4077D6BD04242BC3EE1F5914F97
                                                                                                                                                                              SHA-512:2C5486BA8AB5FAC857559582BF8C0871CF2D59BEB8230AD9E47705D049F0B242E732B6F5C90E4D41DAEB826AF487C9DE87636155FAE19E09BB06E1971C2C72B7
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.C.............bh.....Wo......Wo......Wo......Wo.......q.......o.......q.......q...............o..C....o.......o......Rich....................PE..d...#..d.........." .....P...................................................0............`..........................................&..L...P#..t.... ..P.......xx...........'..........................................8...........................................UPX0....................................UPX1.....P.......H..................@....rsrc........ .......L..............@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\win32crypt.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):52736
                                                                                                                                                                              Entropy (8bit):7.729104962918167
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:Dm5pXRNj7rxWIPUlWhBDSmi6pHybxMeUHRa0+:K5lvgI8liFSspHq1ia
                                                                                                                                                                              MD5:5EA45424D1D96EAC3BA530183154F5F5
                                                                                                                                                                              SHA1:58B1FF6A5124091B68804E0962DC9F34FBCFD085
                                                                                                                                                                              SHA-256:48CF9148E04A9D083779707880F2F763429B4E13961796D4A9DE6C5B74B86536
                                                                                                                                                                              SHA-512:C1474E76CE84682E9A8A4E35E932FBF8BA803751C3907E438DADA735AC1DBD9DD35D9DAD345F62CF348F156A16A11128F1DD1E43CB99CADE0C51448842EE3DD9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........U...U...U...\.v.S.......Q.......E.......].......V.....Q...A...R...U........\.....T.....T...RichU...........PE..d......d.........." .........0.......G....................................................`.........................................hf......hc.......`..h...................$........................................S..8...........................................UPX0....................................UPX1................................@....rsrc....0...`...$..................@......................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\win32gui.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):67584
                                                                                                                                                                              Entropy (8bit):7.904883181122808
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:1536:kOfOUHah12Ou1uPj5x9myp1AOcsUw51y+oHL6D:kOfLi2xuPj5SyTAPsBfI+D
                                                                                                                                                                              MD5:B8E0F2317E17FF43DABB5CCBB925A039
                                                                                                                                                                              SHA1:A7AB0D26CAA3A2B776960F487BB925F1378B2DBD
                                                                                                                                                                              SHA-256:BB29112D42C305133139680AD5499F3D3241C3E2D1B3BA8C8FD4144C5A78EAB7
                                                                                                                                                                              SHA-512:D9F00CFB20F0ACC24277FB83EC0E0AE48B049C9425AD36BC7AE2A8CDD64A01BE6D0F0E73947B0F59CBA5E2B3A71F0E1884FB72204F001FB98802FAAB78D3B5D4
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{e..............b.......o.......o.......o.......o......fo.......q..........k...fo......fo......fo......Rich............PE..d......d.........." ................@.....................................................`.............................................d...`...........`.... ..h:..........\.......................................P...8...........................................UPX0....................................UPX1................................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\win32trace.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                              Entropy (8bit):7.071535019867609
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:384:JJ6KwMJFoeBJ4qCKU7xe+16S+x9oAMPMmZa7gJXXl1Bez:JJ7wMJFoenUk/S+x6AOJpHHBO
                                                                                                                                                                              MD5:47E25E14728A84F9EFF5F02BA1ED08EC
                                                                                                                                                                              SHA1:31A68494C6A5C2DE4679E762A7F71D437D15EC49
                                                                                                                                                                              SHA-256:64F0CDE58611599B52F68555EFAC2081D7F8C4EC18C9CB69A0B30FA5754FA3E3
                                                                                                                                                                              SHA-512:BD1FE2C90A82610D6F8F5B539EE966C0831C75C06CDAE6E132F991A99997F8B13785E65C1802DBEC8CA758B9B7D83819557F5124AE3E1358D119E8F981147CFF
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........>].OP..OP..OP..7...OP..:Q..OP..:U..OP..:T..OP..:S..OP..:Q..OP..$Q..OP..OQ..OP..:Y..OP..:P..OP..:R..OP.Rich.OP.................PE..d......d.........." .....0..........`.....................................................`.............................................T...h...8.......h....p......................................................`...8...........................................UPX0....................................UPX1.....0..........................@....rsrc................2..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\_MEI23642\win32ui.pyd

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):278528
                                                                                                                                                                              Entropy (8bit):7.86505700594334
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:6144:nsDatGg2KntL8tTRDVyIx5vUa4sOc1vBPDEVN3L9JbuopvKCuC:sDatnsVRLr4Ov56DuopvruC
                                                                                                                                                                              MD5:99F0EA8777A5FD6DB49FBAC50BE7A11E
                                                                                                                                                                              SHA1:2B1C8B0E75C6708A127627744552C65559883138
                                                                                                                                                                              SHA-256:C8F1C56A4181D14829382B1A5C2F36F2E9E08836AACF4F1274A73AF90A86B60E
                                                                                                                                                                              SHA-512:59B164EA40E0AED07A79E3112BA2B486D5D3F99DD7FAFD4DFCE6554417DC7AC429D5BF6E8C9D1EC6746376026B70943966DD0948FDEF88847093DD0964C7F215
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k.N..~...~...~..r....~.v.....~..a....~...z...~...}...~...{...~.......~.......~.v.w...~.v.~...~.v.....~.v.|...~.Rich..~.........................PE..d......d.........." .................{.......................................0............`..............................................T..<...........<8................... .. ...............................(...@...8...........................................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\yonnboyx

                                                                                                                                                                              Download File
                                                                                                                                                                              Process:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                              Entropy (8bit):2.0
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:3:qn:qn
                                                                                                                                                                              MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                              SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                              SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                              SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Preview:blat

                                                                                                                                                                              Static File Info

                                                                                                                                                                              General

                                                                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                              Entropy (8bit):7.998777683302474
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                              File name:AutoDox_Scraper.exe
                                                                                                                                                                              File size:22'072'739 bytes
                                                                                                                                                                              MD5:9fb9817dbde58b64e92c19b3d73ddd08
                                                                                                                                                                              SHA1:fd67f92d8887eb0222016a06e701e3323d64c472
                                                                                                                                                                              SHA256:fefa41c8aaa06ff9b36170f032c1c4d400945e2f9ff77b7fe8cf4b3ae445dadc
                                                                                                                                                                              SHA512:53be9c686feab803c9728f2327e42e442e51d431c50462718c43de1f7ab90ac32815db9706120feecebc02cd1acd96082745c864a7f34d031c59c3989d626864
                                                                                                                                                                              SSDEEP:393216:NxAln3rYXpELQ7b6QpQkbc8Gll0zQVedF7F:ol3rYXpc6eQpQtZlxu7
                                                                                                                                                                              TLSH:9E2733E265721AE7D8E4223AC04AC8785735EC63C331D98B07F9651E6EE33946C36F91
                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6_..W1..W1..W1../2..W1../4.)W1../5..W1..+...W1..+4..W1..+5..W1..+2..W1../0..W1..W0..W1.W+5..W1.W+3..W1.Rich.W1.........PE..d..

                                                                                                                                                                              File Icon

                                                                                                                                                                              Icon Hash:90cececece8e8eb0

                                                                                                                                                                              Static PE Info

                                                                                                                                                                              General

                                                                                                                                                                              Entrypoint:0x14000b310
                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                              Time Stamp:0x6420C2EF [Sun Mar 26 22:10:55 2023 UTC]
                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                              OS Version Major:5
                                                                                                                                                                              OS Version Minor:2
                                                                                                                                                                              File Version Major:5
                                                                                                                                                                              File Version Minor:2
                                                                                                                                                                              Subsystem Version Major:5
                                                                                                                                                                              Subsystem Version Minor:2
                                                                                                                                                                              Import Hash:0b5552dccd9d0a834cea55c0c8fc05be

                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                              Instruction
                                                                                                                                                                              dec eax
                                                                                                                                                                              sub esp, 28h
                                                                                                                                                                              call 00007FBFAC98269Ch
                                                                                                                                                                              dec eax
                                                                                                                                                                              add esp, 28h
                                                                                                                                                                              jmp 00007FBFAC9822AFh
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              dec eax
                                                                                                                                                                              sub esp, 28h
                                                                                                                                                                              call 00007FBFAC982C14h
                                                                                                                                                                              test eax, eax
                                                                                                                                                                              je 00007FBFAC982453h
                                                                                                                                                                              dec eax
                                                                                                                                                                              mov eax, dword ptr [00000030h]
                                                                                                                                                                              dec eax
                                                                                                                                                                              mov ecx, dword ptr [eax+08h]
                                                                                                                                                                              jmp 00007FBFAC982437h
                                                                                                                                                                              dec eax
                                                                                                                                                                              cmp ecx, eax
                                                                                                                                                                              je 00007FBFAC982446h
                                                                                                                                                                              xor eax, eax
                                                                                                                                                                              dec eax
                                                                                                                                                                              cmpxchg dword ptr [0004121Ch], ecx
                                                                                                                                                                              jne 00007FBFAC982420h
                                                                                                                                                                              xor al, al
                                                                                                                                                                              dec eax
                                                                                                                                                                              add esp, 28h
                                                                                                                                                                              ret
                                                                                                                                                                              mov al, 01h
                                                                                                                                                                              jmp 00007FBFAC982429h
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              inc eax
                                                                                                                                                                              push ebx
                                                                                                                                                                              dec eax
                                                                                                                                                                              sub esp, 20h
                                                                                                                                                                              movzx eax, byte ptr [00041207h]
                                                                                                                                                                              test ecx, ecx
                                                                                                                                                                              mov ebx, 00000001h
                                                                                                                                                                              cmove eax, ebx
                                                                                                                                                                              mov byte ptr [000411F7h], al
                                                                                                                                                                              call 00007FBFAC982A13h
                                                                                                                                                                              call 00007FBFAC983B42h
                                                                                                                                                                              test al, al
                                                                                                                                                                              jne 00007FBFAC982436h
                                                                                                                                                                              xor al, al
                                                                                                                                                                              jmp 00007FBFAC982446h
                                                                                                                                                                              call 00007FBFAC990121h
                                                                                                                                                                              test al, al
                                                                                                                                                                              jne 00007FBFAC98243Bh
                                                                                                                                                                              xor ecx, ecx
                                                                                                                                                                              call 00007FBFAC983B52h
                                                                                                                                                                              jmp 00007FBFAC98241Ch
                                                                                                                                                                              mov al, bl
                                                                                                                                                                              dec eax
                                                                                                                                                                              add esp, 20h
                                                                                                                                                                              pop ebx
                                                                                                                                                                              ret
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              int3
                                                                                                                                                                              inc eax
                                                                                                                                                                              push ebx
                                                                                                                                                                              dec eax
                                                                                                                                                                              sub esp, 20h
                                                                                                                                                                              cmp byte ptr [000411BCh], 00000000h
                                                                                                                                                                              mov ebx, ecx
                                                                                                                                                                              jne 00007FBFAC982499h
                                                                                                                                                                              cmp ecx, 01h
                                                                                                                                                                              jnbe 00007FBFAC98249Ch
                                                                                                                                                                              call 00007FBFAC982B7Ah
                                                                                                                                                                              test eax, eax
                                                                                                                                                                              je 00007FBFAC98245Ah

                                                                                                                                                                              Data Directories

                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x3bd0c0x78.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x520000x5f0.rsrc
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x4e0000x20c4.pdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x530000x758.reloc
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x394800x1c.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x393400x140.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x2a0000x418.rdata
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                              Sections

                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                              .text0x10000x288000x28800False0.5583465952932098data6.488023200564254IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .rdata0x2a0000x12b160x12c00False0.5154817708333334data5.824620210951343IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .data0x3d0000x103f80xe00False0.13309151785714285DOS executable (block device driver \377\3)1.8096886543499544IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                              .pdata0x4e0000x20c40x2200False0.47794117647058826data5.274096406482418IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                              _RDATA0x510000x15c0x200False0.384765625data2.808567494642619IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .rsrc0x520000x5f00x600False0.4583333333333333data5.4220814688968435IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                              .reloc0x530000x7580x800False0.544921875data5.2576643703968475IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                              Resources

                                                                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                              RT_MANIFEST0x520580x598XML 1.0 document, ASCII text, with CRLF line terminators0.44972067039106145

                                                                                                                                                                              Imports

                                                                                                                                                                              DLLImport
                                                                                                                                                                              USER32.dllCreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
                                                                                                                                                                              COMCTL32.dll
                                                                                                                                                                              KERNEL32.dllGetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, IsValidCodePage, GetACP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetOEMCP, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetEndOfFile, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
                                                                                                                                                                              ADVAPI32.dllOpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
                                                                                                                                                                              GDI32.dllSelectObject, DeleteObject, CreateFontIndirectW

                                                                                                                                                                              Network Behavior

                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                              UDP Packets

                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                              Dec 5, 2023 03:31:09.799434900 CET6109853192.168.2.41.1.1.1
                                                                                                                                                                              Dec 5, 2023 03:31:10.040313005 CET53610981.1.1.1192.168.2.4

                                                                                                                                                                              DNS Queries

                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                              Dec 5, 2023 03:31:09.799434900 CET192.168.2.41.1.1.10x41ceStandard query (0)paste.bingner.comA (IP address)IN (0x0001)false

                                                                                                                                                                              DNS Answers

                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                              Dec 5, 2023 03:31:10.040313005 CET1.1.1.1192.168.2.40x41ceName error (3)paste.bingner.comnonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                              Statistics

                                                                                                                                                                              CPU Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              Memory Usage

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                              Behavior

                                                                                                                                                                              Click to jump to process

                                                                                                                                                                              System Behavior

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:03:31:02
                                                                                                                                                                              Start date:05/12/2023
                                                                                                                                                                              Path:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              Imagebase:0x7ff6085f0000
                                                                                                                                                                              File size:22'072'739 bytes
                                                                                                                                                                              MD5 hash:9FB9817DBDE58B64E92C19B3D73DDD08
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:1
                                                                                                                                                                              Start time:03:31:04
                                                                                                                                                                              Start date:05/12/2023
                                                                                                                                                                              Path:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                              Imagebase:0x7ff6085f0000
                                                                                                                                                                              File size:22'072'739 bytes
                                                                                                                                                                              MD5 hash:9FB9817DBDE58B64E92C19B3D73DDD08
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2908296915.0000020AA73B4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2908296915.0000020AA7424000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:2
                                                                                                                                                                              Start time:03:31:06
                                                                                                                                                                              Start date:05/12/2023
                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                              Imagebase:0x7ff680250000
                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              General

                                                                                                                                                                              Target ID:3
                                                                                                                                                                              Start time:03:31:06
                                                                                                                                                                              Start date:05/12/2023
                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Disassembly

                                                                                                                                                                              Reset < >

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:10.7%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:16.3%
                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                Total number of Limit Nodes:35
                                                                                                                                                                                execution_graph 14773 7ff6085fa620 14774 7ff6085fa643 14773->14774 14775 7ff6085fa65f memcpy_s 14773->14775 14776 7ff60860cacc 12 API calls 14774->14776 14776->14775 14898 7ff6085fb19c 14921 7ff6085fb36c 14898->14921 14901 7ff6085fb2e8 15027 7ff6085fb69c IsProcessorFeaturePresent 14901->15027 14902 7ff6085fb1b8 __scrt_acquire_startup_lock 14904 7ff6085fb2f2 14902->14904 14905 7ff6085fb1d6 14902->14905 14906 7ff6085fb69c 7 API calls 14904->14906 14907 7ff6085fb1f7 __scrt_release_startup_lock 14905->14907 14927 7ff608608674 14905->14927 14910 7ff6085fb2fd _CreateFrameInfo 14906->14910 14909 7ff6085fb1fb 14907->14909 14911 7ff6085fb281 14907->14911 15016 7ff608608984 14907->15016 14931 7ff6085fb7e8 14911->14931 14913 7ff6085fb286 14934 7ff6085f1000 14913->14934 14918 7ff6085fb2a9 14918->14910 15023 7ff6085fb500 14918->15023 15034 7ff6085fb96c 14921->15034 14924 7ff6085fb1b0 14924->14901 14924->14902 14925 7ff6085fb39b __scrt_initialize_crt 14925->14924 15036 7ff6085fcac8 14925->15036 14929 7ff608608687 14927->14929 14928 7ff6086086ae 14928->14907 14929->14928 15063 7ff6085fb0b0 14929->15063 15142 7ff6085fc210 14931->15142 14933 7ff6085fb7ff GetStartupInfoW 14933->14913 14935 7ff6085f100b 14934->14935 15144 7ff6085f7600 14935->15144 14937 7ff6085f101d 15151 7ff608604f14 14937->15151 14939 7ff6085f367b 15158 7ff6085f1af0 14939->15158 14943 7ff6085fad80 _wfindfirst32i64 8 API calls 14944 7ff6085f37ae 14943->14944 15021 7ff6085fb82c GetModuleHandleW 14944->15021 14945 7ff6085f3699 15008 7ff6085f379a 14945->15008 15174 7ff6085f3b20 14945->15174 14947 7ff6085f36cb 14947->15008 15177 7ff6085f6990 14947->15177 14949 7ff6085f36e7 14950 7ff6085f3733 14949->14950 14952 7ff6085f6990 61 API calls 14949->14952 15192 7ff6085f6f90 14950->15192 14957 7ff6085f3708 __vcrt_freefls 14952->14957 14953 7ff6085f3748 15196 7ff6085f19d0 14953->15196 14956 7ff6085f383d 14958 7ff6085f3868 14956->14958 15301 7ff6085f3280 14956->15301 14957->14950 14960 7ff6085f6f90 58 API calls 14957->14960 14967 7ff6085f38ab 14958->14967 15207 7ff6085f7a30 14958->15207 14959 7ff6085f19d0 121 API calls 14963 7ff6085f377e 14959->14963 14960->14950 14965 7ff6085f3782 14963->14965 14966 7ff6085f37c0 14963->14966 14964 7ff6085f3888 14968 7ff6085f389e SetDllDirectoryW 14964->14968 14969 7ff6085f388d 14964->14969 15265 7ff6085f2770 14965->15265 14966->14956 15278 7ff6085f3cb0 14966->15278 15221 7ff6085f5e40 14967->15221 14968->14967 14972 7ff6085f2770 59 API calls 14969->14972 14972->15008 14976 7ff6085f37e2 14982 7ff6085f2770 59 API calls 14976->14982 14977 7ff6085f3906 14983 7ff6085f39c6 14977->14983 14990 7ff6085f3919 14977->14990 14980 7ff6085f38c8 14980->14977 15315 7ff6085f5640 14980->15315 14981 7ff6085f3810 14981->14956 14984 7ff6085f3815 14981->14984 14982->15008 15225 7ff6085f3110 14983->15225 15297 7ff6085ff2ac 14984->15297 14997 7ff6085f3965 14990->14997 15415 7ff6085f1b30 14990->15415 14991 7ff6085f38fc 15409 7ff6085f5890 14991->15409 14992 7ff6085f38dd 15335 7ff6085f55d0 14992->15335 14997->15008 15419 7ff6085f30b0 14997->15419 14998 7ff6085f38e7 14998->14991 15000 7ff6085f38eb 14998->15000 14999 7ff6085f39fb 15001 7ff6085f6990 61 API calls 14999->15001 15403 7ff6085f5c90 15000->15403 15007 7ff6085f3a07 15001->15007 15004 7ff6085f39a1 15006 7ff6085f5890 FreeLibrary 15004->15006 15006->15008 15007->15008 15242 7ff6085f6fd0 15007->15242 15008->14943 15017 7ff60860899b 15016->15017 15018 7ff6086089bc 15016->15018 15017->14911 17796 7ff6086090d8 15018->17796 15022 7ff6085fb83d 15021->15022 15022->14918 15024 7ff6085fb511 15023->15024 15025 7ff6085fb2c0 15024->15025 15026 7ff6085fcac8 __scrt_initialize_crt 7 API calls 15024->15026 15025->14909 15026->15025 15028 7ff6085fb6c2 _wfindfirst32i64 memcpy_s 15027->15028 15029 7ff6085fb6e1 RtlCaptureContext RtlLookupFunctionEntry 15028->15029 15030 7ff6085fb70a RtlVirtualUnwind 15029->15030 15031 7ff6085fb746 memcpy_s 15029->15031 15030->15031 15032 7ff6085fb778 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15031->15032 15033 7ff6085fb7ca _wfindfirst32i64 15032->15033 15033->14904 15035 7ff6085fb38e __scrt_dllmain_crt_thread_attach 15034->15035 15035->14924 15035->14925 15037 7ff6085fcad0 15036->15037 15038 7ff6085fcada 15036->15038 15042 7ff6085fce44 15037->15042 15038->14924 15043 7ff6085fce53 15042->15043 15044 7ff6085fcad5 15042->15044 15050 7ff6085fd080 15043->15050 15046 7ff6085fceb0 15044->15046 15047 7ff6085fcedb 15046->15047 15048 7ff6085fcedf 15047->15048 15049 7ff6085fcebe DeleteCriticalSection 15047->15049 15048->15038 15049->15047 15054 7ff6085fcee8 15050->15054 15055 7ff6085fd002 TlsFree 15054->15055 15061 7ff6085fcf2c __vcrt_FlsAlloc 15054->15061 15056 7ff6085fcf5a LoadLibraryExW 15058 7ff6085fcfd1 15056->15058 15059 7ff6085fcf7b GetLastError 15056->15059 15057 7ff6085fcff1 GetProcAddress 15057->15055 15058->15057 15060 7ff6085fcfe8 FreeLibrary 15058->15060 15059->15061 15060->15057 15061->15055 15061->15056 15061->15057 15062 7ff6085fcf9d LoadLibraryExW 15061->15062 15062->15058 15062->15061 15064 7ff6085fb0c0 15063->15064 15080 7ff60860579c 15064->15080 15066 7ff6085fb0cc 15086 7ff6085fb3b8 15066->15086 15068 7ff6085fb69c 7 API calls 15070 7ff6085fb165 15068->15070 15069 7ff6085fb0e4 _RTC_Initialize 15078 7ff6085fb139 15069->15078 15091 7ff6085fb568 15069->15091 15070->14929 15072 7ff6085fb0f9 15094 7ff608607e6c 15072->15094 15078->15068 15079 7ff6085fb155 15078->15079 15079->14929 15081 7ff6086057ad 15080->15081 15082 7ff6086057b5 15081->15082 15083 7ff608604444 _get_daylight 11 API calls 15081->15083 15082->15066 15084 7ff6086057c4 15083->15084 15085 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15084->15085 15085->15082 15087 7ff6085fb3c9 15086->15087 15090 7ff6085fb3ce __scrt_release_startup_lock 15086->15090 15088 7ff6085fb69c 7 API calls 15087->15088 15087->15090 15089 7ff6085fb442 15088->15089 15090->15069 15121 7ff6085fb52c 15091->15121 15093 7ff6085fb571 15093->15072 15095 7ff608607e8c 15094->15095 15096 7ff6085fb105 15094->15096 15097 7ff608607e94 15095->15097 15098 7ff608607eaa GetModuleFileNameW 15095->15098 15096->15078 15120 7ff6085fb63c InitializeSListHead 15096->15120 15099 7ff608604444 _get_daylight 11 API calls 15097->15099 15102 7ff608607ed5 15098->15102 15100 7ff608607e99 15099->15100 15101 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15100->15101 15101->15096 15136 7ff608607e0c 15102->15136 15105 7ff608607f1d 15106 7ff608604444 _get_daylight 11 API calls 15105->15106 15107 7ff608607f22 15106->15107 15108 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15107->15108 15111 7ff608607f30 15108->15111 15109 7ff608607f35 15110 7ff608607f57 15109->15110 15113 7ff608607f83 15109->15113 15114 7ff608607f9c 15109->15114 15112 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15110->15112 15111->15096 15112->15096 15115 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15113->15115 15116 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15114->15116 15117 7ff608607f8c 15115->15117 15116->15110 15118 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15117->15118 15119 7ff608607f98 15118->15119 15119->15096 15122 7ff6085fb546 15121->15122 15124 7ff6085fb53f 15121->15124 15125 7ff608608eec 15122->15125 15124->15093 15128 7ff608608b28 15125->15128 15135 7ff60860f788 EnterCriticalSection 15128->15135 15137 7ff608607e24 15136->15137 15138 7ff608607e5c 15136->15138 15137->15138 15139 7ff60860dd40 _get_daylight 11 API calls 15137->15139 15138->15105 15138->15109 15140 7ff608607e52 15139->15140 15141 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15140->15141 15141->15138 15143 7ff6085fc1f0 15142->15143 15143->14933 15143->15143 15145 7ff6085f761f 15144->15145 15146 7ff6085f7627 __vcrt_freefls 15145->15146 15147 7ff6085f7670 WideCharToMultiByte 15145->15147 15148 7ff6085f7718 15145->15148 15149 7ff6085f76c6 WideCharToMultiByte 15145->15149 15146->14937 15147->15145 15147->15148 15474 7ff6085f2620 15148->15474 15149->15145 15149->15148 15152 7ff60860ec40 15151->15152 15153 7ff60860ec93 15152->15153 15155 7ff60860ece6 15152->15155 15154 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15153->15154 15157 7ff60860ecbc 15154->15157 15864 7ff60860eb18 15155->15864 15157->14939 15159 7ff6085f1b05 15158->15159 15160 7ff6085f1b20 15159->15160 15872 7ff6085f24d0 15159->15872 15160->15008 15162 7ff6085f3ba0 15160->15162 15163 7ff6085fadb0 15162->15163 15164 7ff6085f3bac GetModuleFileNameW 15163->15164 15165 7ff6085f3bf2 15164->15165 15166 7ff6085f3bdb 15164->15166 15912 7ff6085f7b40 15165->15912 15168 7ff6085f2620 57 API calls 15166->15168 15169 7ff6085f3bee 15168->15169 15172 7ff6085fad80 _wfindfirst32i64 8 API calls 15169->15172 15171 7ff6085f2770 59 API calls 15171->15169 15173 7ff6085f3c2f 15172->15173 15173->14945 15175 7ff6085f1b30 49 API calls 15174->15175 15176 7ff6085f3b3d 15175->15176 15176->14947 15178 7ff6085f699a 15177->15178 15179 7ff6085f7a30 57 API calls 15178->15179 15180 7ff6085f69bc GetEnvironmentVariableW 15179->15180 15181 7ff6085f69d4 ExpandEnvironmentStringsW 15180->15181 15182 7ff6085f6a26 15180->15182 15184 7ff6085f7b40 59 API calls 15181->15184 15183 7ff6085fad80 _wfindfirst32i64 8 API calls 15182->15183 15185 7ff6085f6a38 15183->15185 15186 7ff6085f69fc 15184->15186 15185->14949 15186->15182 15187 7ff6085f6a06 15186->15187 15923 7ff60860910c 15187->15923 15190 7ff6085fad80 _wfindfirst32i64 8 API calls 15191 7ff6085f6a1e 15190->15191 15191->14949 15193 7ff6085f7a30 57 API calls 15192->15193 15194 7ff6085f6fa7 SetEnvironmentVariableW 15193->15194 15195 7ff6085f6fbf __vcrt_freefls 15194->15195 15195->14953 15197 7ff6085f1b30 49 API calls 15196->15197 15198 7ff6085f1a00 15197->15198 15199 7ff6085f1b30 49 API calls 15198->15199 15205 7ff6085f1a7a 15198->15205 15200 7ff6085f1a22 15199->15200 15201 7ff6085f3b20 49 API calls 15200->15201 15200->15205 15202 7ff6085f1a3b 15201->15202 15930 7ff6085f17b0 15202->15930 15205->14956 15205->14959 15206 7ff6085ff2ac 74 API calls 15206->15205 15208 7ff6085f7a51 MultiByteToWideChar 15207->15208 15209 7ff6085f7ad7 MultiByteToWideChar 15207->15209 15212 7ff6085f7a9c 15208->15212 15213 7ff6085f7a77 15208->15213 15210 7ff6085f7b1f 15209->15210 15211 7ff6085f7afa 15209->15211 15210->14964 15214 7ff6085f2620 55 API calls 15211->15214 15212->15209 15218 7ff6085f7ab2 15212->15218 15215 7ff6085f2620 55 API calls 15213->15215 15217 7ff6085f7b0d 15214->15217 15216 7ff6085f7a8a 15215->15216 15216->14964 15217->14964 15219 7ff6085f2620 55 API calls 15218->15219 15220 7ff6085f7ac5 15219->15220 15220->14964 15222 7ff6085f5e55 15221->15222 15223 7ff6085f24d0 59 API calls 15222->15223 15224 7ff6085f38b0 15222->15224 15223->15224 15224->14977 15305 7ff6085f5ae0 15224->15305 15230 7ff6085f3183 15225->15230 15234 7ff6085f31c4 15225->15234 15226 7ff6085f3203 15228 7ff6085fad80 _wfindfirst32i64 8 API calls 15226->15228 15227 7ff6085f1ab0 74 API calls 15227->15234 15229 7ff6085f3215 15228->15229 15229->15008 15235 7ff6085f6f20 15229->15235 15230->15234 16003 7ff6085f1440 15230->16003 16037 7ff6085f2990 15230->16037 16092 7ff6085f1780 15230->16092 15234->15226 15234->15227 15236 7ff6085f7a30 57 API calls 15235->15236 15237 7ff6085f6f3f 15236->15237 15238 7ff6085f7a30 57 API calls 15237->15238 15239 7ff6085f6f4f 15238->15239 15240 7ff6086066b4 38 API calls 15239->15240 15241 7ff6085f6f5d __vcrt_freefls 15240->15241 15241->14999 15243 7ff6085f6fe0 15242->15243 15244 7ff6085f7a30 57 API calls 15243->15244 15245 7ff6085f7011 SetConsoleCtrlHandler GetStartupInfoW 15244->15245 15246 7ff6085f7072 15245->15246 16968 7ff608609184 15246->16968 15266 7ff6085f2790 15265->15266 15267 7ff608603be4 49 API calls 15266->15267 15268 7ff6085f27dd memcpy_s 15267->15268 15269 7ff6085f7a30 57 API calls 15268->15269 15270 7ff6085f280a 15269->15270 15271 7ff6085f280f 15270->15271 15272 7ff6085f2849 MessageBoxA 15270->15272 15273 7ff6085f7a30 57 API calls 15271->15273 15274 7ff6085f2863 15272->15274 15275 7ff6085f2829 MessageBoxW 15273->15275 15276 7ff6085fad80 _wfindfirst32i64 8 API calls 15274->15276 15275->15274 15277 7ff6085f2873 15276->15277 15277->15008 15279 7ff6085f3cbc 15278->15279 15280 7ff6085f7a30 57 API calls 15279->15280 15281 7ff6085f3ce7 15280->15281 15282 7ff6085f7a30 57 API calls 15281->15282 15283 7ff6085f3cfa 15282->15283 16986 7ff6086054c8 15283->16986 15286 7ff6085fad80 _wfindfirst32i64 8 API calls 15287 7ff6085f37da 15286->15287 15287->14976 15288 7ff6085f7200 15287->15288 15289 7ff6085f7224 15288->15289 15290 7ff6085ff934 73 API calls 15289->15290 15291 7ff6085f72fb __vcrt_freefls 15289->15291 15292 7ff6085f723e 15290->15292 15291->14981 15292->15291 17365 7ff608607938 15292->17365 15294 7ff6085ff934 73 API calls 15296 7ff6085f7253 15294->15296 15295 7ff6085ff5fc _fread_nolock 53 API calls 15295->15296 15296->15291 15296->15294 15296->15295 15298 7ff6085ff2dc 15297->15298 17380 7ff6085ff088 15298->17380 15300 7ff6085ff2f5 15300->14976 15302 7ff6085f3297 15301->15302 15304 7ff6085f32c0 15301->15304 15303 7ff6085f1780 59 API calls 15302->15303 15302->15304 15303->15302 15304->14958 15306 7ff6085f5b31 15305->15306 15310 7ff6085f5b04 15305->15310 15314 7ff6085f5b27 memcpy_s __vcrt_freefls 15306->15314 17417 7ff6085f3d30 15306->17417 15307 7ff6085f5b2c 17391 7ff6085f12b0 15307->17391 15308 7ff6085f1780 59 API calls 15308->15310 15310->15306 15310->15307 15310->15308 15310->15314 15312 7ff6085f5b97 15313 7ff6085f2770 59 API calls 15312->15313 15312->15314 15313->15314 15314->14980 15316 7ff6085f565a memcpy_s 15315->15316 15317 7ff6085f577f 15316->15317 15319 7ff6085f579b 15316->15319 15323 7ff6085f3d30 49 API calls 15316->15323 15324 7ff6085f5760 15316->15324 15331 7ff6085f1440 161 API calls 15316->15331 15333 7ff6085f5781 15316->15333 17420 7ff6085f1650 15316->17420 15320 7ff6085f3d30 49 API calls 15317->15320 15321 7ff6085f2770 59 API calls 15319->15321 15322 7ff6085f57f8 15320->15322 15326 7ff6085f5791 __vcrt_freefls 15321->15326 15325 7ff6085f3d30 49 API calls 15322->15325 15323->15316 15324->15317 15327 7ff6085f3d30 49 API calls 15324->15327 15328 7ff6085f5828 15325->15328 15329 7ff6085fad80 _wfindfirst32i64 8 API calls 15326->15329 15327->15317 15332 7ff6085f3d30 49 API calls 15328->15332 15330 7ff6085f38d9 15329->15330 15330->14991 15330->14992 15331->15316 15332->15326 15334 7ff6085f2770 59 API calls 15333->15334 15334->15326 17425 7ff6085f71b0 15335->17425 15337 7ff6085f55e2 15338 7ff6085f71b0 58 API calls 15337->15338 15339 7ff6085f55f5 15338->15339 15340 7ff6085f561a 15339->15340 15341 7ff6085f560d GetProcAddress 15339->15341 15342 7ff6085f2770 59 API calls 15340->15342 15345 7ff6085f5f9c GetProcAddress 15341->15345 15346 7ff6085f5f79 15341->15346 15344 7ff6085f5626 15342->15344 15344->14998 15345->15346 15347 7ff6085f5fc1 GetProcAddress 15345->15347 15349 7ff6085f2620 57 API calls 15346->15349 15347->15346 15348 7ff6085f5fe6 GetProcAddress 15347->15348 15348->15346 15351 7ff6085f600e GetProcAddress 15348->15351 15350 7ff6085f5f8c 15349->15350 15350->14998 15351->15346 15352 7ff6085f6036 GetProcAddress 15351->15352 15352->15346 15410 7ff6085f58bd 15409->15410 15411 7ff6085f58a2 15409->15411 15410->14977 15411->15410 15412 7ff6085f5980 15411->15412 17429 7ff6085f7190 FreeLibrary 15411->17429 15412->15410 17430 7ff6085f7190 FreeLibrary 15412->17430 15416 7ff6085f1b55 15415->15416 15417 7ff608603be4 49 API calls 15416->15417 15418 7ff6085f1b78 15417->15418 15418->14997 17431 7ff6085f4960 15419->17431 15422 7ff6085f30fd 15422->15004 15424 7ff6085f30d4 15424->15422 17487 7ff6085f46e0 15424->17487 15493 7ff6085fadb0 15474->15493 15477 7ff6085f2669 15495 7ff608603be4 15477->15495 15482 7ff6085f1b30 49 API calls 15483 7ff6085f26c8 memcpy_s 15482->15483 15484 7ff6085f7a30 54 API calls 15483->15484 15485 7ff6085f26f5 15484->15485 15486 7ff6085f2734 MessageBoxA 15485->15486 15487 7ff6085f26fa 15485->15487 15488 7ff6085f274e 15486->15488 15489 7ff6085f7a30 54 API calls 15487->15489 15491 7ff6085fad80 _wfindfirst32i64 8 API calls 15488->15491 15490 7ff6085f2714 MessageBoxW 15489->15490 15490->15488 15492 7ff6085f275e 15491->15492 15492->15146 15494 7ff6085f263c GetLastError 15493->15494 15494->15477 15499 7ff608603c3e 15495->15499 15496 7ff608603c63 15497 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15496->15497 15512 7ff608603c8d 15497->15512 15498 7ff608603c9f 15525 7ff608601e70 15498->15525 15499->15496 15499->15498 15501 7ff608603d7c 15502 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15501->15502 15502->15512 15503 7ff6085fad80 _wfindfirst32i64 8 API calls 15505 7ff6085f2699 15503->15505 15513 7ff6085f74b0 15505->15513 15506 7ff608603d51 15510 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15506->15510 15507 7ff608603da0 15507->15501 15509 7ff608603daa 15507->15509 15508 7ff608603d48 15508->15501 15508->15506 15511 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15509->15511 15510->15512 15511->15512 15512->15503 15514 7ff6085f74bc 15513->15514 15515 7ff6085f74dd FormatMessageW 15514->15515 15516 7ff6085f74d7 GetLastError 15514->15516 15517 7ff6085f7510 15515->15517 15518 7ff6085f752c WideCharToMultiByte 15515->15518 15516->15515 15521 7ff6085f2620 54 API calls 15517->15521 15519 7ff6085f7523 15518->15519 15520 7ff6085f7566 15518->15520 15523 7ff6085fad80 _wfindfirst32i64 8 API calls 15519->15523 15522 7ff6085f2620 54 API calls 15520->15522 15521->15519 15522->15519 15524 7ff6085f26a0 15523->15524 15524->15482 15526 7ff608601eae 15525->15526 15527 7ff608601e9e 15525->15527 15528 7ff608601eb7 15526->15528 15532 7ff608601ee5 15526->15532 15531 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15527->15531 15529 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15528->15529 15530 7ff608601edd 15529->15530 15530->15501 15530->15506 15530->15507 15530->15508 15531->15530 15532->15527 15532->15530 15535 7ff608602194 15532->15535 15539 7ff608602800 15532->15539 15565 7ff6086024c8 15532->15565 15595 7ff608601d50 15532->15595 15598 7ff608603a20 15532->15598 15537 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15535->15537 15537->15527 15540 7ff6086028b5 15539->15540 15541 7ff608602842 15539->15541 15542 7ff60860290f 15540->15542 15543 7ff6086028ba 15540->15543 15544 7ff6086028df 15541->15544 15545 7ff608602848 15541->15545 15542->15544 15556 7ff60860291e 15542->15556 15563 7ff608602878 15542->15563 15546 7ff6086028ef 15543->15546 15547 7ff6086028bc 15543->15547 15622 7ff608600db0 15544->15622 15552 7ff60860284d 15545->15552 15545->15556 15629 7ff6086009a0 15546->15629 15548 7ff60860285d 15547->15548 15555 7ff6086028cb 15547->15555 15564 7ff60860294d 15548->15564 15604 7ff608603164 15548->15604 15552->15548 15554 7ff608602890 15552->15554 15552->15563 15554->15564 15614 7ff608603620 15554->15614 15555->15544 15557 7ff6086028d0 15555->15557 15556->15564 15636 7ff6086011c0 15556->15636 15557->15564 15618 7ff6086037b8 15557->15618 15559 7ff6085fad80 _wfindfirst32i64 8 API calls 15561 7ff608602be3 15559->15561 15561->15532 15563->15564 15643 7ff60860da00 15563->15643 15564->15559 15566 7ff6086024d3 15565->15566 15567 7ff6086024e9 15565->15567 15569 7ff6086028b5 15566->15569 15570 7ff608602842 15566->15570 15571 7ff608602527 15566->15571 15568 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15567->15568 15567->15571 15568->15571 15572 7ff60860290f 15569->15572 15573 7ff6086028ba 15569->15573 15574 7ff6086028df 15570->15574 15575 7ff608602848 15570->15575 15571->15532 15572->15574 15584 7ff60860291e 15572->15584 15592 7ff608602878 15572->15592 15576 7ff6086028ef 15573->15576 15577 7ff6086028bc 15573->15577 15579 7ff608600db0 38 API calls 15574->15579 15582 7ff60860284d 15575->15582 15575->15584 15580 7ff6086009a0 38 API calls 15576->15580 15578 7ff60860285d 15577->15578 15586 7ff6086028cb 15577->15586 15581 7ff608603164 47 API calls 15578->15581 15594 7ff60860294d 15578->15594 15579->15592 15580->15592 15581->15592 15582->15578 15583 7ff608602890 15582->15583 15582->15592 15587 7ff608603620 47 API calls 15583->15587 15583->15594 15585 7ff6086011c0 38 API calls 15584->15585 15584->15594 15585->15592 15586->15574 15588 7ff6086028d0 15586->15588 15587->15592 15590 7ff6086037b8 37 API calls 15588->15590 15588->15594 15589 7ff6085fad80 _wfindfirst32i64 8 API calls 15591 7ff608602be3 15589->15591 15590->15592 15591->15532 15593 7ff60860da00 47 API calls 15592->15593 15592->15594 15593->15592 15594->15589 15792 7ff6085fff74 15595->15792 15599 7ff608603a37 15598->15599 15809 7ff60860cb60 15599->15809 15605 7ff608603186 15604->15605 15653 7ff6085ffde0 15605->15653 15609 7ff6086032c3 15612 7ff60860334c 15609->15612 15613 7ff608603a20 45 API calls 15609->15613 15611 7ff608603a20 45 API calls 15611->15609 15612->15563 15613->15612 15615 7ff608603638 15614->15615 15617 7ff6086036a0 15614->15617 15616 7ff60860da00 47 API calls 15615->15616 15615->15617 15616->15617 15617->15563 15621 7ff6086037d9 15618->15621 15619 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15620 7ff60860380a 15619->15620 15620->15563 15621->15619 15621->15620 15623 7ff608600de3 15622->15623 15624 7ff608600e12 15623->15624 15626 7ff608600ecf 15623->15626 15625 7ff6085ffde0 12 API calls 15624->15625 15628 7ff608600e4f 15624->15628 15625->15628 15627 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15626->15627 15627->15628 15628->15563 15630 7ff6086009d3 15629->15630 15631 7ff608600a02 15630->15631 15633 7ff608600abf 15630->15633 15632 7ff6085ffde0 12 API calls 15631->15632 15635 7ff608600a3f 15631->15635 15632->15635 15634 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15633->15634 15634->15635 15635->15563 15637 7ff6086011f3 15636->15637 15638 7ff608601222 15637->15638 15640 7ff6086012df 15637->15640 15639 7ff6085ffde0 12 API calls 15638->15639 15642 7ff60860125f 15638->15642 15639->15642 15641 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15640->15641 15641->15642 15642->15563 15644 7ff60860da28 15643->15644 15645 7ff60860da6d 15644->15645 15646 7ff608603a20 45 API calls 15644->15646 15648 7ff60860da56 memcpy_s 15644->15648 15652 7ff60860da2d memcpy_s 15644->15652 15645->15648 15645->15652 15789 7ff60860f0b8 15645->15789 15646->15645 15647 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15647->15652 15648->15647 15648->15652 15652->15563 15654 7ff6085ffe17 15653->15654 15655 7ff6085ffe06 15653->15655 15654->15655 15656 7ff60860cacc _fread_nolock 12 API calls 15654->15656 15661 7ff60860d718 15655->15661 15657 7ff6085ffe44 15656->15657 15658 7ff6085ffe58 15657->15658 15659 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15657->15659 15660 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15658->15660 15659->15658 15660->15655 15662 7ff60860d768 15661->15662 15663 7ff60860d735 15661->15663 15662->15663 15665 7ff60860d79a 15662->15665 15664 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15663->15664 15673 7ff6086032a1 15664->15673 15668 7ff60860d8ad 15665->15668 15678 7ff60860d7e2 15665->15678 15666 7ff60860d99f 15716 7ff60860cc04 15666->15716 15668->15666 15669 7ff60860d965 15668->15669 15670 7ff60860d934 15668->15670 15672 7ff60860d8f7 15668->15672 15675 7ff60860d8ed 15668->15675 15709 7ff60860cf9c 15669->15709 15702 7ff60860d27c 15670->15702 15692 7ff60860d4ac 15672->15692 15673->15609 15673->15611 15675->15669 15677 7ff60860d8f2 15675->15677 15677->15670 15677->15672 15678->15673 15683 7ff6086091ac 15678->15683 15681 7ff608609dd0 _wfindfirst32i64 17 API calls 15682 7ff60860d9fc 15681->15682 15684 7ff6086091b9 15683->15684 15685 7ff6086091c3 15683->15685 15684->15685 15690 7ff6086091de 15684->15690 15686 7ff608604444 _get_daylight 11 API calls 15685->15686 15687 7ff6086091ca 15686->15687 15688 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15687->15688 15689 7ff6086091d6 15688->15689 15689->15673 15689->15681 15690->15689 15691 7ff608604444 _get_daylight 11 API calls 15690->15691 15691->15687 15725 7ff6086131cc 15692->15725 15696 7ff60860d5a9 15778 7ff60860d098 15696->15778 15697 7ff60860d554 15697->15696 15699 7ff60860d574 15697->15699 15701 7ff60860d558 15697->15701 15774 7ff60860d354 15699->15774 15701->15673 15703 7ff6086131cc 38 API calls 15702->15703 15704 7ff60860d2c6 15703->15704 15705 7ff608612c14 37 API calls 15704->15705 15706 7ff60860d316 15705->15706 15707 7ff60860d31a 15706->15707 15708 7ff60860d354 45 API calls 15706->15708 15707->15673 15708->15707 15710 7ff6086131cc 38 API calls 15709->15710 15711 7ff60860cfe7 15710->15711 15712 7ff608612c14 37 API calls 15711->15712 15713 7ff60860d03f 15712->15713 15714 7ff60860d043 15713->15714 15715 7ff60860d098 45 API calls 15713->15715 15714->15673 15715->15714 15717 7ff60860cc49 15716->15717 15718 7ff60860cc7c 15716->15718 15719 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15717->15719 15720 7ff60860cc94 15718->15720 15722 7ff60860cd15 15718->15722 15724 7ff60860cc75 memcpy_s 15719->15724 15721 7ff60860cf9c 46 API calls 15720->15721 15721->15724 15723 7ff608603a20 45 API calls 15722->15723 15722->15724 15723->15724 15724->15673 15726 7ff60861321f fegetenv 15725->15726 15727 7ff60861712c 37 API calls 15726->15727 15731 7ff608613272 15727->15731 15728 7ff60861329f 15733 7ff6086091ac __std_exception_copy 37 API calls 15728->15733 15729 7ff608613362 15730 7ff60861712c 37 API calls 15729->15730 15732 7ff60861338c 15730->15732 15731->15729 15734 7ff60861328d 15731->15734 15735 7ff60861333c 15731->15735 15736 7ff60861712c 37 API calls 15732->15736 15737 7ff60861331d 15733->15737 15734->15728 15734->15729 15738 7ff6086091ac __std_exception_copy 37 API calls 15735->15738 15739 7ff60861339d 15736->15739 15740 7ff608614444 15737->15740 15744 7ff608613325 15737->15744 15738->15737 15742 7ff608617320 20 API calls 15739->15742 15741 7ff608609dd0 _wfindfirst32i64 17 API calls 15740->15741 15743 7ff608614459 15741->15743 15748 7ff608613406 memcpy_s 15742->15748 15745 7ff6085fad80 _wfindfirst32i64 8 API calls 15744->15745 15746 7ff60860d4f9 15745->15746 15770 7ff608612c14 15746->15770 15747 7ff608613447 memcpy_s 15764 7ff608613d8b memcpy_s 15747->15764 15765 7ff6086138a3 memcpy_s 15747->15765 15748->15747 15749 7ff6086137af memcpy_s 15748->15749 15754 7ff608604444 _get_daylight 11 API calls 15748->15754 15750 7ff608613aef 15751 7ff608612d30 37 API calls 15750->15751 15756 7ff608614207 15751->15756 15752 7ff608613a9b 15752->15750 15753 7ff60861445c memcpy_s 37 API calls 15752->15753 15753->15750 15755 7ff608613880 15754->15755 15757 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15755->15757 15758 7ff60861445c memcpy_s 37 API calls 15756->15758 15768 7ff608614262 15756->15768 15757->15747 15758->15768 15759 7ff6086143e8 15760 7ff60861712c 37 API calls 15759->15760 15760->15744 15761 7ff608604444 11 API calls _get_daylight 15761->15764 15762 7ff608604444 11 API calls _get_daylight 15762->15765 15763 7ff608609db0 37 API calls _invalid_parameter_noinfo 15763->15765 15764->15750 15764->15752 15764->15761 15769 7ff608609db0 37 API calls _invalid_parameter_noinfo 15764->15769 15765->15752 15765->15762 15765->15763 15766 7ff608612d30 37 API calls 15766->15768 15767 7ff60861445c memcpy_s 37 API calls 15767->15768 15768->15759 15768->15766 15768->15767 15769->15764 15771 7ff608612c33 15770->15771 15772 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15771->15772 15773 7ff608612c5e memcpy_s 15771->15773 15772->15773 15773->15697 15773->15773 15775 7ff60860d380 memcpy_s 15774->15775 15776 7ff608603a20 45 API calls 15775->15776 15777 7ff60860d43a memcpy_s 15775->15777 15776->15777 15777->15701 15779 7ff60860d0d3 15778->15779 15782 7ff60860d120 memcpy_s 15778->15782 15780 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15779->15780 15781 7ff60860d0ff 15780->15781 15781->15701 15782->15782 15783 7ff60860d18b 15782->15783 15785 7ff608603a20 45 API calls 15782->15785 15784 7ff6086091ac __std_exception_copy 37 API calls 15783->15784 15788 7ff60860d1cd memcpy_s 15784->15788 15785->15783 15786 7ff608609dd0 _wfindfirst32i64 17 API calls 15787 7ff60860d278 15786->15787 15788->15786 15791 7ff60860f0dc WideCharToMultiByte 15789->15791 15793 7ff6085fffb3 15792->15793 15794 7ff6085fffa1 15792->15794 15796 7ff6085fffc0 15793->15796 15800 7ff6085ffffd 15793->15800 15795 7ff608604444 _get_daylight 11 API calls 15794->15795 15797 7ff6085fffa6 15795->15797 15799 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15796->15799 15798 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15797->15798 15806 7ff6085fffb1 15798->15806 15799->15806 15801 7ff6086000a6 15800->15801 15802 7ff608604444 _get_daylight 11 API calls 15800->15802 15803 7ff608604444 _get_daylight 11 API calls 15801->15803 15801->15806 15804 7ff60860009b 15802->15804 15805 7ff608600150 15803->15805 15807 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15804->15807 15808 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15805->15808 15806->15532 15807->15801 15808->15806 15810 7ff60860cb79 15809->15810 15811 7ff608603a5f 15809->15811 15810->15811 15817 7ff608612424 15810->15817 15813 7ff60860cbcc 15811->15813 15814 7ff60860cbe5 15813->15814 15816 7ff608603a6f 15813->15816 15814->15816 15861 7ff608611790 15814->15861 15816->15532 15829 7ff60860a620 GetLastError 15817->15829 15820 7ff60861247e 15820->15811 15830 7ff60860a661 FlsSetValue 15829->15830 15831 7ff60860a644 FlsGetValue 15829->15831 15832 7ff60860a651 15830->15832 15833 7ff60860a673 15830->15833 15831->15832 15834 7ff60860a65b 15831->15834 15835 7ff60860a6cd SetLastError 15832->15835 15836 7ff60860dd40 _get_daylight 11 API calls 15833->15836 15834->15830 15838 7ff60860a6da 15835->15838 15839 7ff60860a6ed 15835->15839 15837 7ff60860a682 15836->15837 15841 7ff60860a6a0 FlsSetValue 15837->15841 15842 7ff60860a690 FlsSetValue 15837->15842 15838->15820 15851 7ff60860f788 EnterCriticalSection 15838->15851 15852 7ff60860920c 15839->15852 15845 7ff60860a6ac FlsSetValue 15841->15845 15846 7ff60860a6be 15841->15846 15844 7ff60860a699 15842->15844 15847 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15844->15847 15845->15844 15848 7ff60860a3c4 _get_daylight 11 API calls 15846->15848 15847->15832 15849 7ff60860a6c6 15848->15849 15850 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15849->15850 15850->15835 15853 7ff608612770 _CreateFrameInfo EnterCriticalSection LeaveCriticalSection 15852->15853 15854 7ff608609215 15853->15854 15855 7ff608609224 15854->15855 15856 7ff6086127c0 _CreateFrameInfo 44 API calls 15854->15856 15857 7ff608609257 _CreateFrameInfo 15855->15857 15858 7ff60860922d IsProcessorFeaturePresent 15855->15858 15856->15855 15859 7ff60860923c 15858->15859 15860 7ff608609ae4 _wfindfirst32i64 14 API calls 15859->15860 15860->15857 15862 7ff60860a620 _CreateFrameInfo 45 API calls 15861->15862 15863 7ff608611799 15862->15863 15871 7ff6086042ec EnterCriticalSection 15864->15871 15873 7ff6085f24ec 15872->15873 15874 7ff608603be4 49 API calls 15873->15874 15875 7ff6085f253f 15874->15875 15876 7ff608604444 _get_daylight 11 API calls 15875->15876 15877 7ff6085f2544 15876->15877 15891 7ff608604464 15877->15891 15880 7ff6085f1b30 49 API calls 15881 7ff6085f2573 memcpy_s 15880->15881 15882 7ff6085f7a30 57 API calls 15881->15882 15883 7ff6085f25a0 15882->15883 15884 7ff6085f25a5 15883->15884 15885 7ff6085f25df MessageBoxA 15883->15885 15886 7ff6085f7a30 57 API calls 15884->15886 15887 7ff6085f25f9 15885->15887 15888 7ff6085f25bf MessageBoxW 15886->15888 15889 7ff6085fad80 _wfindfirst32i64 8 API calls 15887->15889 15888->15887 15890 7ff6085f2609 15889->15890 15890->15160 15892 7ff60860a798 _get_daylight 11 API calls 15891->15892 15893 7ff60860447b 15892->15893 15894 7ff60860dd40 _get_daylight 11 API calls 15893->15894 15897 7ff6086044bb 15893->15897 15900 7ff6085f254b 15893->15900 15895 7ff6086044b0 15894->15895 15896 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15895->15896 15896->15897 15897->15900 15903 7ff60860e418 15897->15903 15900->15880 15901 7ff608609dd0 _wfindfirst32i64 17 API calls 15902 7ff608604500 15901->15902 15905 7ff60860e435 15903->15905 15904 7ff608604444 _get_daylight 11 API calls 15906 7ff60860e444 15904->15906 15907 7ff6086044e1 15905->15907 15908 7ff60860e43a 15905->15908 15910 7ff60860e484 15905->15910 15909 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15906->15909 15907->15900 15907->15901 15908->15904 15908->15907 15909->15907 15910->15907 15911 7ff608604444 _get_daylight 11 API calls 15910->15911 15911->15906 15913 7ff6085f7b64 WideCharToMultiByte 15912->15913 15914 7ff6085f7bd2 WideCharToMultiByte 15912->15914 15915 7ff6085f7b8e 15913->15915 15918 7ff6085f7ba5 15913->15918 15916 7ff6085f7bff 15914->15916 15920 7ff6085f3c05 15914->15920 15917 7ff6085f2620 57 API calls 15915->15917 15919 7ff6085f2620 57 API calls 15916->15919 15917->15920 15918->15914 15921 7ff6085f7bbb 15918->15921 15919->15920 15920->15169 15920->15171 15922 7ff6085f2620 57 API calls 15921->15922 15922->15920 15924 7ff6085f6a0e 15923->15924 15925 7ff608609123 15923->15925 15924->15190 15925->15924 15926 7ff6086091ac __std_exception_copy 37 API calls 15925->15926 15927 7ff608609150 15926->15927 15927->15924 15928 7ff608609dd0 _wfindfirst32i64 17 API calls 15927->15928 15929 7ff608609180 15928->15929 15931 7ff6085f17d4 15930->15931 15932 7ff6085f17e4 15930->15932 15934 7ff6085f3cb0 116 API calls 15931->15934 15933 7ff6085f7200 83 API calls 15932->15933 15963 7ff6085f1842 15932->15963 15935 7ff6085f1815 15933->15935 15934->15932 15935->15963 15964 7ff6085ff934 15935->15964 15937 7ff6085f182b 15940 7ff6085f182f 15937->15940 15941 7ff6085f184c 15937->15941 15938 7ff6085fad80 _wfindfirst32i64 8 API calls 15939 7ff6085f19c0 15938->15939 15939->15205 15939->15206 15942 7ff6085f24d0 59 API calls 15940->15942 15968 7ff6085ff5fc 15941->15968 15942->15963 15945 7ff6085f1867 15948 7ff6085f24d0 59 API calls 15945->15948 15946 7ff6085ff934 73 API calls 15947 7ff6085f18d1 15946->15947 15949 7ff6085f18e3 15947->15949 15950 7ff6085f18fe 15947->15950 15948->15963 15951 7ff6085f24d0 59 API calls 15949->15951 15952 7ff6085ff5fc _fread_nolock 53 API calls 15950->15952 15951->15963 15953 7ff6085f1913 15952->15953 15953->15945 15954 7ff6085f1925 15953->15954 15971 7ff6085ff370 15954->15971 15957 7ff6085f193d 15958 7ff6085f2770 59 API calls 15957->15958 15958->15963 15959 7ff6085f1993 15961 7ff6085ff2ac 74 API calls 15959->15961 15959->15963 15960 7ff6085f1950 15960->15959 15962 7ff6085f2770 59 API calls 15960->15962 15961->15963 15962->15959 15963->15938 15965 7ff6085ff964 15964->15965 15977 7ff6085ff6c4 15965->15977 15967 7ff6085ff97d 15967->15937 15989 7ff6085ff61c 15968->15989 15972 7ff6085f1939 15971->15972 15973 7ff6085ff379 15971->15973 15972->15957 15972->15960 15974 7ff608604444 _get_daylight 11 API calls 15973->15974 15975 7ff6085ff37e 15974->15975 15976 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15975->15976 15976->15972 15978 7ff6085ff72e 15977->15978 15979 7ff6085ff6ee 15977->15979 15978->15979 15980 7ff6085ff73a 15978->15980 15981 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 15979->15981 15988 7ff6086042ec EnterCriticalSection 15980->15988 15983 7ff6085ff715 15981->15983 15983->15967 15990 7ff6085f1861 15989->15990 15991 7ff6085ff646 15989->15991 15990->15945 15990->15946 15991->15990 15992 7ff6085ff655 memcpy_s 15991->15992 15993 7ff6085ff692 15991->15993 15996 7ff608604444 _get_daylight 11 API calls 15992->15996 16002 7ff6086042ec EnterCriticalSection 15993->16002 15998 7ff6085ff66a 15996->15998 16000 7ff608609db0 _invalid_parameter_noinfo 37 API calls 15998->16000 16000->15990 16096 7ff6085f6720 16003->16096 16005 7ff6085f1454 16006 7ff6085f1459 16005->16006 16105 7ff6085f6a40 16005->16105 16006->15230 16009 7ff6085f14a7 16012 7ff6085f14e0 16009->16012 16014 7ff6085f3cb0 116 API calls 16009->16014 16010 7ff6085f1487 16011 7ff6085f24d0 59 API calls 16010->16011 16013 7ff6085f149d 16011->16013 16015 7ff6085ff934 73 API calls 16012->16015 16013->15230 16017 7ff6085f14bf 16014->16017 16016 7ff6085f14f2 16015->16016 16018 7ff6085f1516 16016->16018 16019 7ff6085f14f6 16016->16019 16017->16012 16020 7ff6085f14c7 16017->16020 16022 7ff6085f1534 16018->16022 16023 7ff6085f151c 16018->16023 16021 7ff6085f24d0 59 API calls 16019->16021 16024 7ff6085f2770 59 API calls 16020->16024 16036 7ff6085f14d6 __vcrt_freefls 16021->16036 16027 7ff6085f1556 16022->16027 16034 7ff6085f1575 16022->16034 16130 7ff6085f1050 16023->16130 16024->16036 16026 7ff6085f1624 16029 7ff6085ff2ac 74 API calls 16026->16029 16030 7ff6085f24d0 59 API calls 16027->16030 16028 7ff6085ff2ac 74 API calls 16028->16026 16029->16013 16030->16036 16031 7ff6085ff5fc _fread_nolock 53 API calls 16031->16034 16032 7ff6085f15d5 16035 7ff6085f24d0 59 API calls 16032->16035 16034->16031 16034->16032 16034->16036 16148 7ff6085ffd3c 16034->16148 16035->16036 16036->16026 16036->16028 16038 7ff6085f29a6 16037->16038 16039 7ff6085f1b30 49 API calls 16038->16039 16040 7ff6085f29db 16039->16040 16041 7ff6085f3b20 49 API calls 16040->16041 16070 7ff6085f2de1 16040->16070 16042 7ff6085f2a4f 16041->16042 16727 7ff6085f2e00 16042->16727 16045 7ff6085f2a91 16048 7ff6085f6720 98 API calls 16045->16048 16046 7ff6085f2aca 16047 7ff6085f2e00 75 API calls 16046->16047 16049 7ff6085f2b1c 16047->16049 16050 7ff6085f2a99 16048->16050 16052 7ff6085f2b20 16049->16052 16053 7ff6085f2b86 16049->16053 16051 7ff6085f2aba 16050->16051 16735 7ff6085f6600 16050->16735 16057 7ff6085f2770 59 API calls 16051->16057 16060 7ff6085f2ac3 16051->16060 16056 7ff6085f6720 98 API calls 16052->16056 16055 7ff6085f2e00 75 API calls 16053->16055 16058 7ff6085f2bb2 16055->16058 16059 7ff6085f2b28 16056->16059 16057->16060 16061 7ff6085f2c12 16058->16061 16063 7ff6085f2e00 75 API calls 16058->16063 16059->16051 16064 7ff6085f6600 138 API calls 16059->16064 16062 7ff6085fad80 _wfindfirst32i64 8 API calls 16060->16062 16065 7ff6085f6720 98 API calls 16061->16065 16061->16070 16066 7ff6085f2b7b 16062->16066 16067 7ff6085f2be2 16063->16067 16068 7ff6085f2b45 16064->16068 16072 7ff6085f2c22 16065->16072 16066->15230 16067->16061 16071 7ff6085f2e00 75 API calls 16067->16071 16068->16051 16069 7ff6085f2dc6 16068->16069 16071->16061 16072->16070 16093 7ff6085f17a1 16092->16093 16094 7ff6085f1795 16092->16094 16093->15230 16095 7ff6085f2770 59 API calls 16094->16095 16095->16093 16097 7ff6085f6732 16096->16097 16102 7ff6085f6768 16096->16102 16152 7ff6085f16d0 16097->16152 16102->16005 16106 7ff6085f6a50 16105->16106 16107 7ff6085f1b30 49 API calls 16106->16107 16108 7ff6085f6a81 16107->16108 16109 7ff6085f6c4b 16108->16109 16110 7ff6085f1b30 49 API calls 16108->16110 16111 7ff6085fad80 _wfindfirst32i64 8 API calls 16109->16111 16113 7ff6085f6aa8 16110->16113 16112 7ff6085f147f 16111->16112 16112->16009 16112->16010 16113->16109 16677 7ff6086050e8 16113->16677 16115 7ff6085f6bb9 16116 7ff6085f7a30 57 API calls 16115->16116 16119 7ff6085f6bd1 16116->16119 16117 7ff6085f6add 16117->16109 16117->16115 16117->16117 16127 7ff6086050e8 49 API calls 16117->16127 16128 7ff6085f7a30 57 API calls 16117->16128 16129 7ff6085f78a0 58 API calls 16117->16129 16118 7ff6085f6c7a 16120 7ff6085f3cb0 116 API calls 16118->16120 16119->16118 16123 7ff6085f6990 61 API calls 16119->16123 16126 7ff6085f6c02 __vcrt_freefls 16119->16126 16120->16109 16121 7ff6085f6c6e 16122 7ff6085f6c3f 16123->16126 16126->16121 16126->16122 16127->16117 16128->16117 16129->16117 16131 7ff6085f10a6 16130->16131 16132 7ff6085f10d3 16131->16132 16133 7ff6085f10ad 16131->16133 16136 7ff6085f10ed 16132->16136 16137 7ff6085f1109 16132->16137 16134 7ff6085f2770 59 API calls 16133->16134 16135 7ff6085f10c0 16134->16135 16135->16036 16138 7ff6085f24d0 59 API calls 16136->16138 16139 7ff6085f111b 16137->16139 16142 7ff6085f1137 memcpy_s 16137->16142 16144 7ff6085f1104 __vcrt_freefls 16138->16144 16140 7ff6085f24d0 59 API calls 16139->16140 16140->16144 16141 7ff6085ff5fc _fread_nolock 53 API calls 16141->16142 16142->16141 16143 7ff6085ff370 37 API calls 16142->16143 16142->16144 16146 7ff6085ffd3c 76 API calls 16142->16146 16147 7ff6085f11fe 16142->16147 16143->16142 16144->16036 16146->16142 16149 7ff6085ffd6c 16148->16149 16712 7ff6085ffa8c 16149->16712 16154 7ff6085f16f5 16152->16154 16153 7ff6085f1738 16156 7ff6085f6780 16153->16156 16154->16153 16155 7ff6085f2770 59 API calls 16154->16155 16155->16153 16157 7ff6085f6798 16156->16157 16158 7ff6085f680b 16157->16158 16159 7ff6085f67b8 16157->16159 16161 7ff6085f6810 GetTempPathW 16158->16161 16160 7ff6085f6990 61 API calls 16159->16160 16162 7ff6085f67c4 16160->16162 16163 7ff6085f6825 16161->16163 16220 7ff6085f6480 16162->16220 16196 7ff6085f2470 16163->16196 16168 7ff6085fad80 _wfindfirst32i64 8 API calls 16174 7ff6085f683e __vcrt_freefls 16175 7ff6085f68e6 16174->16175 16179 7ff6085f6871 16174->16179 16200 7ff60860736c 16174->16200 16203 7ff6085f78a0 16174->16203 16195 7ff6085f68aa __vcrt_freefls 16179->16195 16195->16168 16197 7ff6085f2495 16196->16197 16254 7ff608603e38 16197->16254 16221 7ff6085f648c 16220->16221 16222 7ff6085f7a30 57 API calls 16221->16222 16223 7ff6085f64ae 16222->16223 16224 7ff6085f64c9 ExpandEnvironmentStringsW 16223->16224 16225 7ff6085f64b6 16223->16225 16227 7ff6085f64ef __vcrt_freefls 16224->16227 16226 7ff6085f2770 59 API calls 16225->16226 16232 7ff6085f64c2 16226->16232 16228 7ff6085f64f3 16227->16228 16229 7ff6085f6506 16227->16229 16230 7ff6085f2770 59 API calls 16228->16230 16234 7ff6085f6514 16229->16234 16235 7ff6085f6520 16229->16235 16230->16232 16231 7ff6085fad80 _wfindfirst32i64 8 API calls 16233 7ff6085f65e8 16231->16233 16232->16231 16233->16195 16244 7ff6086066b4 16233->16244 16561 7ff608605f44 16234->16561 16568 7ff608605348 16235->16568 16238 7ff6085f651e 16245 7ff6086066d4 16244->16245 16246 7ff6086066c1 16244->16246 16255 7ff608603e92 16254->16255 16256 7ff608603eb7 16255->16256 16257 7ff608603ef3 16255->16257 16258 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 16256->16258 16272 7ff6086021f0 16257->16272 16260 7ff608603ee1 16258->16260 16262 7ff6085fad80 _wfindfirst32i64 8 API calls 16260->16262 16261 7ff608603fd4 16263 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16261->16263 16265 7ff6085f24b4 16262->16265 16263->16260 16265->16174 16266 7ff608603ffa 16266->16261 16268 7ff608604004 16266->16268 16267 7ff608603fa9 16269 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16267->16269 16271 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16268->16271 16269->16260 16270 7ff608603fa0 16270->16261 16270->16267 16271->16260 16273 7ff60860222e 16272->16273 16274 7ff60860221e 16272->16274 16275 7ff608602237 16273->16275 16280 7ff608602265 16273->16280 16276 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 16274->16276 16277 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 16275->16277 16278 7ff60860225d 16276->16278 16277->16278 16278->16261 16278->16266 16278->16267 16278->16270 16280->16274 16280->16278 16283 7ff608602c04 16280->16283 16316 7ff608602650 16280->16316 16353 7ff608601de0 16280->16353 16284 7ff608602cb7 16283->16284 16285 7ff608602c46 16283->16285 16288 7ff608602d10 16284->16288 16289 7ff608602cbc 16284->16289 16286 7ff608602ce1 16285->16286 16287 7ff608602c4c 16285->16287 16372 7ff608600fb4 16286->16372 16290 7ff608602c51 16287->16290 16291 7ff608602c80 16287->16291 16295 7ff608602d27 16288->16295 16290->16295 16317 7ff608602674 16316->16317 16318 7ff60860265e 16316->16318 16321 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 16317->16321 16322 7ff6086026b4 16317->16322 16319 7ff608602cb7 16318->16319 16320 7ff608602c46 16318->16320 16318->16322 16321->16322 16322->16280 16409 7ff608600228 16353->16409 16410 7ff60860026f 16409->16410 16411 7ff60860025d 16409->16411 16414 7ff60860027d 16410->16414 16418 7ff6086002b9 16410->16418 16412 7ff608604444 _get_daylight 11 API calls 16411->16412 16562 7ff608605f62 16561->16562 16565 7ff608605f95 16561->16565 16562->16565 16580 7ff60860f924 16562->16580 16565->16238 16569 7ff608605364 16568->16569 16570 7ff6086053d2 16568->16570 16569->16570 16572 7ff608605369 16569->16572 16614 7ff60860f090 16570->16614 16678 7ff60860a620 _CreateFrameInfo 45 API calls 16677->16678 16680 7ff6086050fd 16678->16680 16679 7ff60860ee97 16699 7ff6085faf14 16679->16699 16680->16679 16684 7ff60860edb6 16680->16684 16683 7ff6085fad80 _wfindfirst32i64 8 API calls 16685 7ff60860ee8f 16683->16685 16684->16683 16685->16117 16702 7ff6085faf28 IsProcessorFeaturePresent 16699->16702 16703 7ff6085faf3f 16702->16703 16708 7ff6085fafc4 RtlCaptureContext RtlLookupFunctionEntry 16703->16708 16709 7ff6085faff4 RtlVirtualUnwind 16708->16709 16710 7ff6085faf53 16708->16710 16709->16710 16711 7ff6085fae00 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16710->16711 16713 7ff6085ffaac 16712->16713 16714 7ff6085ffad9 16712->16714 16713->16714 16728 7ff6085f2e34 16727->16728 16729 7ff608603be4 49 API calls 16728->16729 16730 7ff6085f2e5a 16729->16730 16731 7ff6085f2e6b 16730->16731 16759 7ff608604e08 16730->16759 16733 7ff6085fad80 _wfindfirst32i64 8 API calls 16731->16733 16734 7ff6085f2a8d 16733->16734 16734->16045 16734->16046 16736 7ff6085f660e 16735->16736 16737 7ff6085f3cb0 116 API calls 16736->16737 16738 7ff6085f6635 16737->16738 16739 7ff6085f6a40 136 API calls 16738->16739 16740 7ff6085f6643 16739->16740 16760 7ff608604e25 16759->16760 16761 7ff608604e31 16759->16761 16776 7ff608604680 16760->16776 16801 7ff608604a1c 16761->16801 16765 7ff608604e69 16812 7ff608604504 16765->16812 16769 7ff608604ec5 16771 7ff608604e2a 16769->16771 16773 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16769->16773 16770 7ff608604ed9 16772 7ff608604680 69 API calls 16770->16772 16771->16731 16774 7ff608604ee5 16772->16774 16773->16771 16774->16771 16775 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16774->16775 16775->16771 16777 7ff60860469a 16776->16777 16778 7ff6086046b7 16776->16778 16779 7ff608604424 _fread_nolock 11 API calls 16777->16779 16778->16777 16780 7ff6086046ca CreateFileW 16778->16780 16781 7ff60860469f 16779->16781 16782 7ff608604734 16780->16782 16783 7ff6086046fe 16780->16783 16785 7ff608604444 _get_daylight 11 API calls 16781->16785 16860 7ff608604cf8 16782->16860 16834 7ff6086047d4 GetFileType 16783->16834 16788 7ff6086046a7 16785->16788 16792 7ff608609db0 _invalid_parameter_noinfo 37 API calls 16788->16792 16790 7ff60860473d 16795 7ff6086043b8 _fread_nolock 11 API calls 16790->16795 16791 7ff608604768 16881 7ff608604ab8 16791->16881 16796 7ff6086046b2 16792->16796 16796->16771 16802 7ff608604a40 16801->16802 16808 7ff608604a3b 16801->16808 16803 7ff60860a620 _CreateFrameInfo 45 API calls 16802->16803 16802->16808 16804 7ff608604a5b 16803->16804 16922 7ff60860cb2c 16804->16922 16808->16765 16809 7ff60860dfcc 16808->16809 16930 7ff60860ddb8 16809->16930 16813 7ff608604552 16812->16813 16814 7ff60860452e 16812->16814 16815 7ff6086045ac 16813->16815 16816 7ff608604557 16813->16816 16817 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16814->16817 16821 7ff60860453d 16814->16821 16939 7ff60860e7f0 16815->16939 16819 7ff60860456c 16816->16819 16816->16821 16822 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16816->16822 16817->16821 16823 7ff60860cacc _fread_nolock 12 API calls 16819->16823 16821->16769 16821->16770 16822->16819 16823->16821 16835 7ff608604822 16834->16835 16836 7ff6086048df 16834->16836 16837 7ff60860484e GetFileInformationByHandle 16835->16837 16844 7ff608604bf4 21 API calls 16835->16844 16838 7ff608604909 16836->16838 16839 7ff6086048e7 16836->16839 16840 7ff6086048fa GetLastError 16837->16840 16841 7ff608604877 16837->16841 16843 7ff60860492c PeekNamedPipe 16838->16843 16859 7ff6086048ca 16838->16859 16839->16840 16842 7ff6086048eb 16839->16842 16847 7ff6086043b8 _fread_nolock 11 API calls 16840->16847 16845 7ff608604ab8 51 API calls 16841->16845 16846 7ff608604444 _get_daylight 11 API calls 16842->16846 16843->16859 16848 7ff60860483c 16844->16848 16849 7ff608604882 16845->16849 16846->16859 16847->16859 16848->16837 16848->16859 16850 7ff6085fad80 _wfindfirst32i64 8 API calls 16852 7ff60860470c 16850->16852 16859->16850 16861 7ff608604d2e 16860->16861 16862 7ff608604444 _get_daylight 11 API calls 16861->16862 16880 7ff608604dc6 __vcrt_freefls 16861->16880 16864 7ff608604d40 16862->16864 16863 7ff6085fad80 _wfindfirst32i64 8 API calls 16865 7ff608604739 16863->16865 16866 7ff608604444 _get_daylight 11 API calls 16864->16866 16865->16790 16865->16791 16867 7ff608604d48 16866->16867 16880->16863 16923 7ff60860cb41 16922->16923 16925 7ff608604a7e 16922->16925 16924 7ff608612424 45 API calls 16923->16924 16923->16925 16924->16925 16926 7ff60860cb98 16925->16926 16927 7ff60860cbad 16926->16927 16929 7ff60860cbc0 16926->16929 16928 7ff608611790 45 API calls 16927->16928 16927->16929 16928->16929 16929->16808 16931 7ff60860de15 16930->16931 16937 7ff60860de10 __vcrt_FlsAlloc 16930->16937 16931->16765 16932 7ff60860de45 LoadLibraryExW 16933 7ff60860df1a 16932->16933 16934 7ff60860de6a GetLastError 16932->16934 16935 7ff60860df3a GetProcAddress 16933->16935 16936 7ff60860df31 FreeLibrary 16933->16936 16934->16937 16935->16931 16936->16935 16937->16931 16937->16932 16937->16935 16938 7ff60860dea4 LoadLibraryExW 16937->16938 16938->16933 16938->16937 16941 7ff60860e7f9 MultiByteToWideChar 16939->16941 16969 7ff60860918d 16968->16969 16971 7ff6085f707a 16968->16971 16970 7ff608604444 _get_daylight 11 API calls 16969->16970 16972 7ff608609192 16970->16972 16974 7ff608606ef8 16971->16974 16975 7ff608606f01 16974->16975 16976 7ff608606f16 16974->16976 16987 7ff6086053fc 16986->16987 16988 7ff608605422 16987->16988 16991 7ff608605455 16987->16991 16989 7ff608604444 _get_daylight 11 API calls 16988->16989 16990 7ff608605427 16989->16990 16994 7ff608609db0 _invalid_parameter_noinfo 37 API calls 16990->16994 16992 7ff60860545b 16991->16992 16993 7ff608605468 16991->16993 16995 7ff608604444 _get_daylight 11 API calls 16992->16995 17005 7ff60860a0f8 16993->17005 16997 7ff6085f3d09 16994->16997 16995->16997 16997->15286 17018 7ff60860f788 EnterCriticalSection 17005->17018 17366 7ff608607968 17365->17366 17369 7ff608607444 17366->17369 17368 7ff608607981 17368->15296 17370 7ff60860745f 17369->17370 17371 7ff60860748e 17369->17371 17372 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 17370->17372 17379 7ff6086042ec EnterCriticalSection 17371->17379 17374 7ff60860747f 17372->17374 17374->17368 17381 7ff6085ff0a3 17380->17381 17382 7ff6085ff0d1 17380->17382 17384 7ff608609ce4 _invalid_parameter_noinfo 37 API calls 17381->17384 17383 7ff6085ff0c3 17382->17383 17390 7ff6086042ec EnterCriticalSection 17382->17390 17383->15300 17384->17383 17392 7ff6085f12f8 17391->17392 17393 7ff6085f12c6 17391->17393 17395 7ff6085ff934 73 API calls 17392->17395 17394 7ff6085f3cb0 116 API calls 17393->17394 17396 7ff6085f12d6 17394->17396 17397 7ff6085f130a 17395->17397 17396->17392 17398 7ff6085f12de 17396->17398 17399 7ff6085f130e 17397->17399 17400 7ff6085f132f 17397->17400 17402 7ff6085f2770 59 API calls 17398->17402 17401 7ff6085f24d0 59 API calls 17399->17401 17405 7ff6085f1364 17400->17405 17406 7ff6085f1344 17400->17406 17403 7ff6085f1325 17401->17403 17404 7ff6085f12ee 17402->17404 17403->15306 17404->15306 17408 7ff6085f137e 17405->17408 17412 7ff6085f1395 17405->17412 17407 7ff6085f24d0 59 API calls 17406->17407 17415 7ff6085f135f __vcrt_freefls 17407->17415 17409 7ff6085f1050 98 API calls 17408->17409 17409->17415 17410 7ff6085ff5fc _fread_nolock 53 API calls 17410->17412 17411 7ff6085f1421 17411->15306 17412->17410 17414 7ff6085f13de 17412->17414 17412->17415 17413 7ff6085ff2ac 74 API calls 17413->17411 17416 7ff6085f24d0 59 API calls 17414->17416 17415->17411 17415->17413 17416->17415 17418 7ff6085f1b30 49 API calls 17417->17418 17419 7ff6085f3d60 17418->17419 17419->15312 17421 7ff6085f16aa 17420->17421 17422 7ff6085f1666 17420->17422 17421->15316 17422->17421 17423 7ff6085f2770 59 API calls 17422->17423 17424 7ff6085f16be 17423->17424 17424->15316 17426 7ff6085f7a30 57 API calls 17425->17426 17427 7ff6085f71c7 LoadLibraryExW 17426->17427 17428 7ff6085f71e4 __vcrt_freefls 17427->17428 17428->15337 17429->15412 17430->15410 17432 7ff6085f4970 17431->17432 17433 7ff6085f1b30 49 API calls 17432->17433 17434 7ff6085f49a2 17433->17434 17435 7ff6085f49ab 17434->17435 17437 7ff6085f49cb 17434->17437 17436 7ff6085f2770 59 API calls 17435->17436 17440 7ff6085f49c1 17436->17440 17438 7ff6085f4a22 17437->17438 17441 7ff6085f3d30 49 API calls 17437->17441 17439 7ff6085f3d30 49 API calls 17438->17439 17442 7ff6085f4a3b 17439->17442 17444 7ff6085fad80 _wfindfirst32i64 8 API calls 17440->17444 17443 7ff6085f49ec 17441->17443 17445 7ff6085f4a59 17442->17445 17450 7ff6085f2770 59 API calls 17442->17450 17446 7ff6085f4a0a 17443->17446 17447 7ff6085f2770 59 API calls 17443->17447 17449 7ff6085f30be 17444->17449 17451 7ff6085f71b0 58 API calls 17445->17451 17516 7ff6085f3c40 17446->17516 17447->17446 17449->15422 17459 7ff6085f4ce0 17449->17459 17450->17445 17453 7ff6085f4a66 17451->17453 17454 7ff6085f4a8d 17453->17454 17455 7ff6085f4a6b 17453->17455 17522 7ff6085f3df0 GetProcAddress 17454->17522 17458 7ff6085f2620 57 API calls 17455->17458 17457 7ff6085f71b0 58 API calls 17457->17438 17458->17440 17460 7ff6085f6990 61 API calls 17459->17460 17463 7ff6085f4cf5 17460->17463 17461 7ff6085f4d10 17462 7ff6085f7a30 57 API calls 17461->17462 17464 7ff6085f4d54 17462->17464 17463->17461 17465 7ff6085f2880 59 API calls 17463->17465 17466 7ff6085f4d70 17464->17466 17467 7ff6085f4d59 17464->17467 17465->17461 17470 7ff6085f7a30 57 API calls 17466->17470 17468 7ff6085f2770 59 API calls 17467->17468 17469 7ff6085f4d65 17468->17469 17469->15424 17471 7ff6085f4da5 17470->17471 17473 7ff6085f1b30 49 API calls 17471->17473 17485 7ff6085f4daa __vcrt_freefls 17471->17485 17472 7ff6085f2770 59 API calls 17474 7ff6085f4f51 17472->17474 17475 7ff6085f4e27 17473->17475 17474->15424 17476 7ff6085f4e53 17475->17476 17477 7ff6085f4e2e 17475->17477 17479 7ff6085f7a30 57 API calls 17476->17479 17478 7ff6085f2770 59 API calls 17477->17478 17485->17472 17486 7ff6085f4f3a 17485->17486 17486->15424 17488 7ff6085f46f7 17487->17488 17488->17488 17489 7ff6085f4720 17488->17489 17496 7ff6085f4737 __vcrt_freefls 17488->17496 17517 7ff6085f3c4a 17516->17517 17518 7ff6085f7a30 57 API calls 17517->17518 17519 7ff6085f3c72 17518->17519 17520 7ff6085fad80 _wfindfirst32i64 8 API calls 17519->17520 17521 7ff6085f3c9a 17520->17521 17521->17438 17521->17457 17523 7ff6085f3e3b GetProcAddress 17522->17523 17524 7ff6085f3e18 17522->17524 17523->17524 17525 7ff6085f3e60 GetProcAddress 17523->17525 17526 7ff6085f2620 57 API calls 17524->17526 17525->17524 17527 7ff6085f3e85 GetProcAddress 17525->17527 17529 7ff6085f3e2b 17526->17529 17527->17524 17528 7ff6085f3ead GetProcAddress 17527->17528 17528->17524 17530 7ff6085f3ed5 GetProcAddress 17528->17530 17529->17440 17530->17524 17531 7ff6085f3efd GetProcAddress 17530->17531 17532 7ff6085f3f25 GetProcAddress 17531->17532 17533 7ff6085f3f19 17531->17533 17534 7ff6085f3f41 17532->17534 17535 7ff6085f3f4d GetProcAddress 17532->17535 17533->17532 17534->17535 17536 7ff6085f3f69 17535->17536 17537 7ff6085f3fa5 GetProcAddress 17536->17537 17538 7ff6085f3f7d GetProcAddress 17536->17538 17538->17537 17797 7ff60860a620 _CreateFrameInfo 45 API calls 17796->17797 17798 7ff6086090e1 17797->17798 17799 7ff60860920c _CreateFrameInfo 45 API calls 17798->17799 17800 7ff608609101 17799->17800 18044 7ff60860a4a0 18045 7ff60860a4ba 18044->18045 18046 7ff60860a4a5 18044->18046 18050 7ff60860a4c0 18046->18050 18051 7ff60860a502 18050->18051 18054 7ff60860a50a 18050->18054 18052 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18051->18052 18052->18054 18053 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18055 7ff60860a517 18053->18055 18054->18053 18056 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18055->18056 18057 7ff60860a524 18056->18057 18058 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18057->18058 18059 7ff60860a531 18058->18059 18060 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18059->18060 18061 7ff60860a53e 18060->18061 18062 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18061->18062 18063 7ff60860a54b 18062->18063 18064 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18063->18064 18065 7ff60860a558 18064->18065 18066 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18065->18066 18067 7ff60860a565 18066->18067 18068 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18067->18068 18069 7ff60860a575 18068->18069 18070 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18069->18070 18071 7ff60860a585 18070->18071 18076 7ff60860a364 18071->18076 18090 7ff60860f788 EnterCriticalSection 18076->18090 18112 7ff608616fa0 18115 7ff608611730 18112->18115 18116 7ff608611782 18115->18116 18117 7ff60861173d 18115->18117 18121 7ff60860a6f4 18117->18121 18122 7ff60860a720 FlsSetValue 18121->18122 18123 7ff60860a705 FlsGetValue 18121->18123 18125 7ff60860a712 18122->18125 18126 7ff60860a72d 18122->18126 18124 7ff60860a71a 18123->18124 18123->18125 18124->18122 18127 7ff60860a718 18125->18127 18128 7ff60860920c _CreateFrameInfo 45 API calls 18125->18128 18129 7ff60860dd40 _get_daylight 11 API calls 18126->18129 18141 7ff608611404 18127->18141 18130 7ff60860a795 18128->18130 18131 7ff60860a73c 18129->18131 18132 7ff60860a75a FlsSetValue 18131->18132 18133 7ff60860a74a FlsSetValue 18131->18133 18134 7ff60860a766 FlsSetValue 18132->18134 18135 7ff60860a778 18132->18135 18136 7ff60860a753 18133->18136 18134->18136 18137 7ff60860a3c4 _get_daylight 11 API calls 18135->18137 18138 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18136->18138 18139 7ff60860a780 18137->18139 18138->18125 18140 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18139->18140 18140->18127 18164 7ff608611674 18141->18164 18143 7ff608611439 18179 7ff608611104 18143->18179 18146 7ff608611456 18146->18116 18147 7ff60860cacc _fread_nolock 12 API calls 18148 7ff608611467 18147->18148 18149 7ff60861146f 18148->18149 18151 7ff60861147e 18148->18151 18150 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18149->18150 18150->18146 18151->18151 18186 7ff6086117ac 18151->18186 18154 7ff60861157a 18155 7ff608604444 _get_daylight 11 API calls 18154->18155 18156 7ff60861157f 18155->18156 18159 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18156->18159 18157 7ff6086115d5 18158 7ff60861163c 18157->18158 18197 7ff608610f34 18157->18197 18163 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18158->18163 18159->18146 18160 7ff608611594 18160->18157 18161 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18160->18161 18161->18157 18163->18146 18165 7ff608611697 18164->18165 18166 7ff6086116a1 18165->18166 18212 7ff60860f788 EnterCriticalSection 18165->18212 18169 7ff608611713 18166->18169 18171 7ff60860920c _CreateFrameInfo 45 API calls 18166->18171 18169->18143 18173 7ff60861172b 18171->18173 18174 7ff608611782 18173->18174 18176 7ff60860a6f4 50 API calls 18173->18176 18174->18143 18177 7ff60861176c 18176->18177 18178 7ff608611404 65 API calls 18177->18178 18178->18174 18180 7ff608604a1c 45 API calls 18179->18180 18181 7ff608611118 18180->18181 18182 7ff608611136 18181->18182 18183 7ff608611124 GetOEMCP 18181->18183 18184 7ff60861113b GetACP 18182->18184 18185 7ff60861114b 18182->18185 18183->18185 18184->18185 18185->18146 18185->18147 18187 7ff608611104 47 API calls 18186->18187 18188 7ff6086117d9 18187->18188 18189 7ff60861192f 18188->18189 18191 7ff608611816 IsValidCodePage 18188->18191 18196 7ff608611830 memcpy_s 18188->18196 18190 7ff6085fad80 _wfindfirst32i64 8 API calls 18189->18190 18192 7ff608611571 18190->18192 18191->18189 18193 7ff608611827 18191->18193 18192->18154 18192->18160 18194 7ff608611856 GetCPInfo 18193->18194 18193->18196 18194->18189 18194->18196 18213 7ff60861121c 18196->18213 18284 7ff60860f788 EnterCriticalSection 18197->18284 18214 7ff608611259 GetCPInfo 18213->18214 18223 7ff60861134f 18213->18223 18219 7ff60861126c 18214->18219 18214->18223 18215 7ff6085fad80 _wfindfirst32i64 8 API calls 18217 7ff6086113ee 18215->18217 18217->18189 18224 7ff608611f60 18219->18224 18222 7ff608616f04 54 API calls 18222->18223 18223->18215 18225 7ff608604a1c 45 API calls 18224->18225 18226 7ff608611fa2 18225->18226 18227 7ff60860e7f0 _fread_nolock MultiByteToWideChar 18226->18227 18229 7ff608611fd8 18227->18229 18228 7ff608611fdf 18230 7ff6085fad80 _wfindfirst32i64 8 API calls 18228->18230 18229->18228 18231 7ff60860cacc _fread_nolock 12 API calls 18229->18231 18233 7ff60861209c 18229->18233 18235 7ff608612008 memcpy_s 18229->18235 18232 7ff6086112e3 18230->18232 18231->18235 18239 7ff608616f04 18232->18239 18233->18228 18234 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18233->18234 18234->18228 18235->18233 18236 7ff60860e7f0 _fread_nolock MultiByteToWideChar 18235->18236 18237 7ff60861207e 18236->18237 18237->18233 18238 7ff608612082 GetStringTypeW 18237->18238 18238->18233 18240 7ff608604a1c 45 API calls 18239->18240 18241 7ff608616f29 18240->18241 18244 7ff608616bd0 18241->18244 18245 7ff608616c11 18244->18245 18246 7ff60860e7f0 _fread_nolock MultiByteToWideChar 18245->18246 18250 7ff608616c5b 18246->18250 18247 7ff608616ed9 18248 7ff6085fad80 _wfindfirst32i64 8 API calls 18247->18248 18249 7ff608611316 18248->18249 18249->18222 18250->18247 18251 7ff60860cacc _fread_nolock 12 API calls 18250->18251 18253 7ff608616c93 18250->18253 18263 7ff608616d91 18250->18263 18251->18253 18252 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18252->18247 18254 7ff60860e7f0 _fread_nolock MultiByteToWideChar 18253->18254 18253->18263 18255 7ff608616d06 18254->18255 18255->18263 18275 7ff60860e18c 18255->18275 18258 7ff608616d51 18260 7ff60860e18c __crtLCMapStringW 6 API calls 18258->18260 18258->18263 18259 7ff608616da2 18261 7ff60860cacc _fread_nolock 12 API calls 18259->18261 18262 7ff608616e74 18259->18262 18265 7ff608616dc0 18259->18265 18260->18263 18261->18265 18262->18263 18264 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18262->18264 18263->18247 18263->18252 18264->18263 18265->18263 18266 7ff60860e18c __crtLCMapStringW 6 API calls 18265->18266 18267 7ff608616e40 18266->18267 18267->18262 18268 7ff608616e76 18267->18268 18269 7ff608616e60 18267->18269 18271 7ff60860f0b8 WideCharToMultiByte 18268->18271 18270 7ff60860f0b8 WideCharToMultiByte 18269->18270 18272 7ff608616e6e 18270->18272 18271->18272 18272->18262 18273 7ff608616e8e 18272->18273 18273->18263 18274 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18273->18274 18274->18263 18276 7ff60860ddb8 __crtLCMapStringW 5 API calls 18275->18276 18277 7ff60860e1ca 18276->18277 18278 7ff60860e1d2 18277->18278 18281 7ff60860e278 18277->18281 18278->18258 18278->18259 18278->18263 18280 7ff60860e23b LCMapStringW 18280->18278 18282 7ff60860ddb8 __crtLCMapStringW 5 API calls 18281->18282 18283 7ff60860e2a6 __crtLCMapStringW 18282->18283 18283->18280 18781 7ff60860fa08 18782 7ff60860fa2c 18781->18782 18785 7ff60860fa3c 18781->18785 18783 7ff608604444 _get_daylight 11 API calls 18782->18783 18806 7ff60860fa31 18783->18806 18784 7ff60860fd1c 18787 7ff608604444 _get_daylight 11 API calls 18784->18787 18785->18784 18786 7ff60860fa5e 18785->18786 18788 7ff60860fa7f 18786->18788 18912 7ff6086100c4 18786->18912 18789 7ff60860fd21 18787->18789 18792 7ff60860faf1 18788->18792 18793 7ff60860faa5 18788->18793 18798 7ff60860fae5 18788->18798 18791 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18789->18791 18791->18806 18795 7ff60860dd40 _get_daylight 11 API calls 18792->18795 18810 7ff60860fab4 18792->18810 18927 7ff608608518 18793->18927 18794 7ff60860fb9e 18805 7ff60860fbbb 18794->18805 18811 7ff60860fc0d 18794->18811 18799 7ff60860fb07 18795->18799 18798->18794 18798->18810 18933 7ff6086164ac 18798->18933 18802 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18799->18802 18801 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18801->18806 18807 7ff60860fb15 18802->18807 18803 7ff60860facd 18803->18798 18813 7ff6086100c4 45 API calls 18803->18813 18804 7ff60860faaf 18808 7ff608604444 _get_daylight 11 API calls 18804->18808 18809 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18805->18809 18807->18798 18807->18810 18815 7ff60860dd40 _get_daylight 11 API calls 18807->18815 18808->18810 18812 7ff60860fbc4 18809->18812 18810->18801 18811->18810 18814 7ff6086124fc 40 API calls 18811->18814 18820 7ff60860fbc9 18812->18820 18969 7ff6086124fc 18812->18969 18813->18798 18816 7ff60860fc4a 18814->18816 18817 7ff60860fb37 18815->18817 18818 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18816->18818 18823 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18817->18823 18824 7ff60860fc54 18818->18824 18821 7ff60860fd10 18820->18821 18827 7ff60860dd40 _get_daylight 11 API calls 18820->18827 18826 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18821->18826 18822 7ff60860fbf5 18825 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18822->18825 18823->18798 18824->18810 18824->18820 18825->18820 18826->18806 18828 7ff60860fc98 18827->18828 18829 7ff60860fca9 18828->18829 18830 7ff60860fca0 18828->18830 18832 7ff6086091ac __std_exception_copy 37 API calls 18829->18832 18831 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18830->18831 18833 7ff60860fca7 18831->18833 18834 7ff60860fcb8 18832->18834 18838 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18833->18838 18835 7ff60860fd4b 18834->18835 18836 7ff60860fcc0 18834->18836 18837 7ff608609dd0 _wfindfirst32i64 17 API calls 18835->18837 18978 7ff6086165c4 18836->18978 18840 7ff60860fd5f 18837->18840 18838->18806 18842 7ff60860fd88 18840->18842 18851 7ff60860fd98 18840->18851 18845 7ff608604444 _get_daylight 11 API calls 18842->18845 18843 7ff60860fce7 18847 7ff608604444 _get_daylight 11 API calls 18843->18847 18844 7ff60860fd08 18846 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18844->18846 18874 7ff60860fd8d 18845->18874 18846->18821 18848 7ff60860fcec 18847->18848 18849 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18848->18849 18849->18833 18850 7ff60861007b 18853 7ff608604444 _get_daylight 11 API calls 18850->18853 18851->18850 18852 7ff60860fdba 18851->18852 18854 7ff60860fdd7 18852->18854 18997 7ff6086101ac 18852->18997 18855 7ff608610080 18853->18855 18858 7ff60860fe4b 18854->18858 18860 7ff60860fdff 18854->18860 18864 7ff60860fe3f 18854->18864 18857 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18855->18857 18857->18874 18862 7ff60860fe73 18858->18862 18865 7ff60860dd40 _get_daylight 11 API calls 18858->18865 18879 7ff60860fe0e 18858->18879 18859 7ff60860fefe 18873 7ff60860ff1b 18859->18873 18880 7ff60860ff6e 18859->18880 19012 7ff608608554 18860->19012 18862->18864 18867 7ff60860dd40 _get_daylight 11 API calls 18862->18867 18862->18879 18864->18859 18864->18879 19018 7ff60861636c 18864->19018 18869 7ff60860fe65 18865->18869 18872 7ff60860fe95 18867->18872 18868 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18868->18874 18875 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18869->18875 18870 7ff60860fe27 18870->18864 18882 7ff6086101ac 45 API calls 18870->18882 18871 7ff60860fe09 18876 7ff608604444 _get_daylight 11 API calls 18871->18876 18877 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18872->18877 18878 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18873->18878 18875->18862 18876->18879 18877->18864 18881 7ff60860ff24 18878->18881 18879->18868 18880->18879 18883 7ff6086124fc 40 API calls 18880->18883 18885 7ff6086124fc 40 API calls 18881->18885 18888 7ff60860ff2a 18881->18888 18882->18864 18884 7ff60860ffac 18883->18884 18886 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18884->18886 18887 7ff60860ff56 18885->18887 18890 7ff60860ffb6 18886->18890 18891 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18887->18891 18889 7ff60861006f 18888->18889 18893 7ff60860dd40 _get_daylight 11 API calls 18888->18893 18892 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18889->18892 18890->18879 18890->18888 18891->18888 18892->18874 18894 7ff60860fffb 18893->18894 18895 7ff60861000c 18894->18895 18896 7ff608610003 18894->18896 18898 7ff60860f924 _wfindfirst32i64 37 API calls 18895->18898 18897 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18896->18897 18899 7ff60861000a 18897->18899 18900 7ff60861001a 18898->18900 18904 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18899->18904 18901 7ff6086100af 18900->18901 18902 7ff608610022 SetEnvironmentVariableW 18900->18902 18903 7ff608609dd0 _wfindfirst32i64 17 API calls 18901->18903 18905 7ff608610046 18902->18905 18906 7ff608610067 18902->18906 18907 7ff6086100c3 18903->18907 18904->18874 18909 7ff608604444 _get_daylight 11 API calls 18905->18909 18908 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18906->18908 18908->18889 18910 7ff60861004b 18909->18910 18911 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18910->18911 18911->18899 18913 7ff6086100f9 18912->18913 18914 7ff6086100e1 18912->18914 18915 7ff60860dd40 _get_daylight 11 API calls 18913->18915 18914->18788 18916 7ff60861011d 18915->18916 18917 7ff60861017e 18916->18917 18921 7ff60860dd40 _get_daylight 11 API calls 18916->18921 18922 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18916->18922 18923 7ff6086091ac __std_exception_copy 37 API calls 18916->18923 18924 7ff60861018d 18916->18924 18926 7ff6086101a2 18916->18926 18919 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18917->18919 18918 7ff60860920c _CreateFrameInfo 45 API calls 18920 7ff6086101a8 18918->18920 18919->18914 18921->18916 18922->18916 18923->18916 18925 7ff608609dd0 _wfindfirst32i64 17 API calls 18924->18925 18925->18926 18926->18918 18928 7ff608608531 18927->18928 18929 7ff608608528 18927->18929 18928->18803 18928->18804 18929->18928 19042 7ff608607ff0 18929->19042 18934 7ff6086164b9 18933->18934 18935 7ff60861565c 18933->18935 18937 7ff608604a1c 45 API calls 18934->18937 18936 7ff60861569f 18935->18936 18940 7ff608615669 18935->18940 18938 7ff6086156c9 18936->18938 18947 7ff6086156ee 18936->18947 18942 7ff6086164ed 18937->18942 18941 7ff608604444 _get_daylight 11 API calls 18938->18941 18939 7ff608604444 _get_daylight 11 API calls 18944 7ff608615673 18939->18944 18940->18939 18955 7ff608615610 18940->18955 18945 7ff6086156ce 18941->18945 18943 7ff6086164f2 18942->18943 18946 7ff608616503 18942->18946 18950 7ff60861651a 18942->18950 18943->18798 18948 7ff608609db0 _invalid_parameter_noinfo 37 API calls 18944->18948 18949 7ff608609db0 _invalid_parameter_noinfo 37 API calls 18945->18949 18951 7ff608604444 _get_daylight 11 API calls 18946->18951 18957 7ff608604a1c 45 API calls 18947->18957 18958 7ff6086156d9 18947->18958 18952 7ff60861567e 18948->18952 18949->18958 18953 7ff608616536 18950->18953 18954 7ff608616524 18950->18954 18956 7ff608616508 18951->18956 18952->18798 18960 7ff608616547 18953->18960 18961 7ff60861655e 18953->18961 18959 7ff608604444 _get_daylight 11 API calls 18954->18959 18955->18798 18962 7ff608609db0 _invalid_parameter_noinfo 37 API calls 18956->18962 18957->18958 18958->18798 18963 7ff608616529 18959->18963 19104 7ff6086156ac 18960->19104 19113 7ff608618388 18961->19113 18962->18943 18966 7ff608609db0 _invalid_parameter_noinfo 37 API calls 18963->18966 18966->18943 18968 7ff608604444 _get_daylight 11 API calls 18968->18943 18970 7ff60861253b 18969->18970 18971 7ff60861251e 18969->18971 18973 7ff608612545 18970->18973 19153 7ff608616fb8 18970->19153 18971->18970 18972 7ff60861252c 18971->18972 18974 7ff608604444 _get_daylight 11 API calls 18972->18974 19160 7ff60860f98c 18973->19160 18977 7ff608612531 memcpy_s 18974->18977 18977->18822 18979 7ff608604a1c 45 API calls 18978->18979 18980 7ff60861662a 18979->18980 18981 7ff608616638 18980->18981 18982 7ff60860dfcc 5 API calls 18980->18982 18983 7ff608604504 14 API calls 18981->18983 18982->18981 18984 7ff608616694 18983->18984 18985 7ff608616724 18984->18985 18986 7ff608604a1c 45 API calls 18984->18986 18988 7ff608616735 18985->18988 18990 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18985->18990 18987 7ff6086166a7 18986->18987 18989 7ff6086166b0 18987->18989 18992 7ff60860dfcc 5 API calls 18987->18992 18991 7ff60860fce3 18988->18991 18993 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18988->18993 18994 7ff608604504 14 API calls 18989->18994 18990->18988 18991->18843 18991->18844 18992->18989 18993->18991 18995 7ff60861670b 18994->18995 18995->18985 18996 7ff608616713 SetEnvironmentVariableW 18995->18996 18996->18985 18998 7ff6086101ec 18997->18998 18999 7ff6086101cf 18997->18999 19000 7ff60860dd40 _get_daylight 11 API calls 18998->19000 18999->18854 19001 7ff608610210 19000->19001 19002 7ff608610271 19001->19002 19006 7ff60860dd40 _get_daylight 11 API calls 19001->19006 19007 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19001->19007 19008 7ff60860f924 _wfindfirst32i64 37 API calls 19001->19008 19009 7ff608610280 19001->19009 19011 7ff608610294 19001->19011 19004 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19002->19004 19003 7ff60860920c _CreateFrameInfo 45 API calls 19005 7ff60861029a 19003->19005 19004->18999 19006->19001 19007->19001 19008->19001 19010 7ff608609dd0 _wfindfirst32i64 17 API calls 19009->19010 19010->19011 19011->19003 19013 7ff60860856d 19012->19013 19014 7ff608608564 19012->19014 19013->18870 19013->18871 19014->19013 19015 7ff608608064 40 API calls 19014->19015 19016 7ff608608576 19015->19016 19016->19013 19017 7ff608608424 12 API calls 19016->19017 19017->19013 19019 7ff608616379 19018->19019 19023 7ff6086163a6 19018->19023 19020 7ff60861637e 19019->19020 19019->19023 19021 7ff608604444 _get_daylight 11 API calls 19020->19021 19024 7ff608616383 19021->19024 19022 7ff6086163ea 19025 7ff608604444 _get_daylight 11 API calls 19022->19025 19023->19022 19026 7ff608616409 19023->19026 19040 7ff6086163de __crtLCMapStringW 19023->19040 19027 7ff608609db0 _invalid_parameter_noinfo 37 API calls 19024->19027 19028 7ff6086163ef 19025->19028 19029 7ff608616413 19026->19029 19030 7ff608616425 19026->19030 19031 7ff60861638e 19027->19031 19032 7ff608609db0 _invalid_parameter_noinfo 37 API calls 19028->19032 19033 7ff608604444 _get_daylight 11 API calls 19029->19033 19034 7ff608604a1c 45 API calls 19030->19034 19031->18864 19032->19040 19035 7ff608616418 19033->19035 19036 7ff608616432 19034->19036 19037 7ff608609db0 _invalid_parameter_noinfo 37 API calls 19035->19037 19036->19040 19172 7ff608617f44 19036->19172 19037->19040 19040->18864 19041 7ff608604444 _get_daylight 11 API calls 19041->19040 19043 7ff608608005 19042->19043 19044 7ff608608009 19042->19044 19043->18928 19057 7ff608608344 19043->19057 19045 7ff608611730 65 API calls 19044->19045 19046 7ff60860800e 19045->19046 19065 7ff608611a6c GetEnvironmentStringsW 19046->19065 19049 7ff60860801b 19051 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19049->19051 19050 7ff608608027 19085 7ff6086080d4 19050->19085 19051->19043 19054 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19055 7ff60860804e 19054->19055 19056 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19055->19056 19056->19043 19058 7ff60860836d 19057->19058 19063 7ff608608386 19057->19063 19058->18928 19059 7ff60860f0b8 WideCharToMultiByte 19059->19063 19060 7ff60860dd40 _get_daylight 11 API calls 19060->19063 19061 7ff608608416 19062 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19061->19062 19062->19058 19063->19058 19063->19059 19063->19060 19063->19061 19064 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19063->19064 19064->19063 19066 7ff608611a9c 19065->19066 19067 7ff608608013 19065->19067 19068 7ff60860f0b8 WideCharToMultiByte 19066->19068 19067->19049 19067->19050 19069 7ff608611aed 19068->19069 19070 7ff608611af4 FreeEnvironmentStringsW 19069->19070 19071 7ff60860cacc _fread_nolock 12 API calls 19069->19071 19070->19067 19072 7ff608611b07 19071->19072 19073 7ff608611b18 19072->19073 19074 7ff608611b0f 19072->19074 19076 7ff60860f0b8 WideCharToMultiByte 19073->19076 19075 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19074->19075 19077 7ff608611b16 19075->19077 19078 7ff608611b3b 19076->19078 19077->19070 19079 7ff608611b49 19078->19079 19080 7ff608611b3f 19078->19080 19082 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19079->19082 19081 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19080->19081 19083 7ff608611b47 FreeEnvironmentStringsW 19081->19083 19082->19083 19083->19067 19086 7ff6086080f9 19085->19086 19087 7ff60860dd40 _get_daylight 11 API calls 19086->19087 19088 7ff60860812f 19087->19088 19090 7ff6086081aa 19088->19090 19093 7ff60860dd40 _get_daylight 11 API calls 19088->19093 19094 7ff608608199 19088->19094 19095 7ff6086091ac __std_exception_copy 37 API calls 19088->19095 19098 7ff6086081cf 19088->19098 19101 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19088->19101 19102 7ff608608137 19088->19102 19089 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19092 7ff60860802f 19089->19092 19091 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19090->19091 19091->19092 19092->19054 19093->19088 19096 7ff608608300 11 API calls 19094->19096 19095->19088 19097 7ff6086081a1 19096->19097 19099 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19097->19099 19100 7ff608609dd0 _wfindfirst32i64 17 API calls 19098->19100 19099->19102 19103 7ff6086081e2 19100->19103 19101->19088 19102->19089 19105 7ff6086156c9 19104->19105 19106 7ff6086156e0 19104->19106 19107 7ff608604444 _get_daylight 11 API calls 19105->19107 19106->19105 19109 7ff6086156ee 19106->19109 19108 7ff6086156ce 19107->19108 19110 7ff608609db0 _invalid_parameter_noinfo 37 API calls 19108->19110 19111 7ff6086156d9 19109->19111 19112 7ff608604a1c 45 API calls 19109->19112 19110->19111 19111->18943 19112->19111 19114 7ff608604a1c 45 API calls 19113->19114 19115 7ff6086183ad 19114->19115 19118 7ff608618004 19115->19118 19122 7ff608618052 19118->19122 19119 7ff6085fad80 _wfindfirst32i64 8 API calls 19120 7ff608616585 19119->19120 19120->18943 19120->18968 19121 7ff6086180d9 19123 7ff60860e7f0 _fread_nolock MultiByteToWideChar 19121->19123 19127 7ff6086180dd 19121->19127 19122->19121 19124 7ff6086180c4 GetCPInfo 19122->19124 19122->19127 19125 7ff608618171 19123->19125 19124->19121 19124->19127 19126 7ff60860cacc _fread_nolock 12 API calls 19125->19126 19125->19127 19128 7ff6086181a8 19125->19128 19126->19128 19127->19119 19128->19127 19129 7ff60860e7f0 _fread_nolock MultiByteToWideChar 19128->19129 19130 7ff608618216 19129->19130 19131 7ff6086182f8 19130->19131 19132 7ff60860e7f0 _fread_nolock MultiByteToWideChar 19130->19132 19131->19127 19133 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19131->19133 19134 7ff60861823c 19132->19134 19133->19127 19134->19131 19135 7ff60860cacc _fread_nolock 12 API calls 19134->19135 19136 7ff608618269 19134->19136 19135->19136 19136->19131 19137 7ff60860e7f0 _fread_nolock MultiByteToWideChar 19136->19137 19138 7ff6086182e0 19137->19138 19139 7ff6086182e6 19138->19139 19140 7ff608618300 19138->19140 19139->19131 19142 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19139->19142 19147 7ff60860e010 19140->19147 19142->19131 19144 7ff60861833f 19144->19127 19146 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19144->19146 19145 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19145->19144 19146->19127 19148 7ff60860ddb8 __crtLCMapStringW 5 API calls 19147->19148 19149 7ff60860e04e 19148->19149 19150 7ff60860e278 __crtLCMapStringW 5 API calls 19149->19150 19151 7ff60860e056 19149->19151 19152 7ff60860e0bf CompareStringW 19150->19152 19151->19144 19151->19145 19152->19151 19154 7ff608616fda HeapSize 19153->19154 19155 7ff608616fc1 19153->19155 19156 7ff608604444 _get_daylight 11 API calls 19155->19156 19157 7ff608616fc6 19156->19157 19158 7ff608609db0 _invalid_parameter_noinfo 37 API calls 19157->19158 19159 7ff608616fd1 19158->19159 19159->18973 19161 7ff60860f9ab 19160->19161 19162 7ff60860f9a1 19160->19162 19164 7ff60860f9b0 19161->19164 19170 7ff60860f9b7 _get_daylight 19161->19170 19163 7ff60860cacc _fread_nolock 12 API calls 19162->19163 19169 7ff60860f9a9 19163->19169 19165 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19164->19165 19165->19169 19166 7ff60860f9ea HeapReAlloc 19166->19169 19166->19170 19167 7ff60860f9bd 19168 7ff608604444 _get_daylight 11 API calls 19167->19168 19168->19169 19169->18977 19170->19166 19170->19167 19171 7ff6086126b0 _get_daylight 2 API calls 19170->19171 19171->19170 19173 7ff608617f6d __crtLCMapStringW 19172->19173 19174 7ff60861646e 19173->19174 19175 7ff60860e010 6 API calls 19173->19175 19174->19040 19174->19041 19175->19174 19265 7ff6086196f9 19266 7ff608619708 19265->19266 19267 7ff608619712 19265->19267 19269 7ff60860f7e8 LeaveCriticalSection 19266->19269 18319 7ff608604290 18320 7ff60860429b 18319->18320 18328 7ff60860e354 18320->18328 18341 7ff60860f788 EnterCriticalSection 18328->18341 19294 7ff60860b9f0 19305 7ff60860f788 EnterCriticalSection 19294->19305 19310 7ff6086107f0 19321 7ff608616764 19310->19321 19322 7ff608616771 19321->19322 19323 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19322->19323 19324 7ff60861678d 19322->19324 19323->19322 19325 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19324->19325 19326 7ff6086107f9 19324->19326 19325->19324 19327 7ff60860f788 EnterCriticalSection 19326->19327 14700 7ff6085fa370 14701 7ff6085fa39e 14700->14701 14702 7ff6085fa385 14700->14702 14702->14701 14705 7ff60860cacc 14702->14705 14706 7ff60860cb17 14705->14706 14711 7ff60860cadb _get_daylight 14705->14711 14715 7ff608604444 14706->14715 14708 7ff60860cafe RtlAllocateHeap 14709 7ff6085fa3fc 14708->14709 14708->14711 14711->14706 14711->14708 14712 7ff6086126b0 14711->14712 14718 7ff6086126f0 14712->14718 14724 7ff60860a798 GetLastError 14715->14724 14717 7ff60860444d 14717->14709 14723 7ff60860f788 EnterCriticalSection 14718->14723 14725 7ff60860a7d9 FlsSetValue 14724->14725 14730 7ff60860a7bc 14724->14730 14726 7ff60860a7eb 14725->14726 14729 7ff60860a7c9 SetLastError 14725->14729 14741 7ff60860dd40 14726->14741 14729->14717 14730->14725 14730->14729 14732 7ff60860a818 FlsSetValue 14735 7ff60860a836 14732->14735 14736 7ff60860a824 FlsSetValue 14732->14736 14733 7ff60860a808 FlsSetValue 14734 7ff60860a811 14733->14734 14748 7ff608609e18 14734->14748 14754 7ff60860a3c4 14735->14754 14736->14734 14746 7ff60860dd51 _get_daylight 14741->14746 14742 7ff60860dda2 14745 7ff608604444 _get_daylight 10 API calls 14742->14745 14743 7ff60860dd86 RtlAllocateHeap 14744 7ff60860a7fa 14743->14744 14743->14746 14744->14732 14744->14733 14745->14744 14746->14742 14746->14743 14747 7ff6086126b0 _get_daylight 2 API calls 14746->14747 14747->14746 14749 7ff608609e1d RtlRestoreThreadPreferredUILanguages 14748->14749 14750 7ff608609e4c 14748->14750 14749->14750 14751 7ff608609e38 GetLastError 14749->14751 14750->14729 14752 7ff608609e45 Concurrency::details::SchedulerProxy::DeleteThis 14751->14752 14753 7ff608604444 _get_daylight 9 API calls 14752->14753 14753->14750 14759 7ff60860a29c 14754->14759 14771 7ff60860f788 EnterCriticalSection 14759->14771 14777 7ff60860e8dc 14778 7ff60860eace 14777->14778 14780 7ff60860e91e _isindst 14777->14780 14779 7ff608604444 _get_daylight 11 API calls 14778->14779 14796 7ff60860eabe 14779->14796 14780->14778 14783 7ff60860e99e _isindst 14780->14783 14798 7ff6086153b4 14783->14798 14788 7ff60860eafa 14839 7ff608609dd0 IsProcessorFeaturePresent 14788->14839 14795 7ff60860e9fb 14795->14796 14823 7ff6086153f8 14795->14823 14830 7ff6085fad80 14796->14830 14799 7ff60860e9bc 14798->14799 14800 7ff6086153c3 14798->14800 14805 7ff6086147b8 14799->14805 14843 7ff60860f788 EnterCriticalSection 14800->14843 14806 7ff6086147c1 14805->14806 14808 7ff60860e9d1 14805->14808 14807 7ff608604444 _get_daylight 11 API calls 14806->14807 14809 7ff6086147c6 14807->14809 14808->14788 14811 7ff6086147e8 14808->14811 14844 7ff608609db0 14809->14844 14812 7ff6086147f1 14811->14812 14816 7ff60860e9e2 14811->14816 14813 7ff608604444 _get_daylight 11 API calls 14812->14813 14814 7ff6086147f6 14813->14814 14815 7ff608609db0 _invalid_parameter_noinfo 37 API calls 14814->14815 14815->14816 14816->14788 14817 7ff608614818 14816->14817 14818 7ff60860e9f3 14817->14818 14819 7ff608614821 14817->14819 14818->14788 14818->14795 14820 7ff608604444 _get_daylight 11 API calls 14819->14820 14821 7ff608614826 14820->14821 14822 7ff608609db0 _invalid_parameter_noinfo 37 API calls 14821->14822 14822->14818 14884 7ff60860f788 EnterCriticalSection 14823->14884 14832 7ff6085fad89 14830->14832 14831 7ff6085fae40 IsProcessorFeaturePresent 14834 7ff6085fae58 14831->14834 14832->14831 14833 7ff6085fad94 14832->14833 14885 7ff6085fb034 RtlCaptureContext 14834->14885 14840 7ff608609de3 14839->14840 14890 7ff608609ae4 14840->14890 14846 7ff608609c48 14844->14846 14847 7ff608609c73 14846->14847 14850 7ff608609ce4 14847->14850 14849 7ff608609c9a 14858 7ff608609a2c 14850->14858 14854 7ff608609d1f 14854->14849 14856 7ff608609dd0 _wfindfirst32i64 17 API calls 14857 7ff608609daf 14856->14857 14859 7ff608609a48 GetLastError 14858->14859 14860 7ff608609a83 14858->14860 14861 7ff608609a58 14859->14861 14860->14854 14864 7ff608609a98 14860->14864 14867 7ff60860a860 14861->14867 14865 7ff608609acc 14864->14865 14866 7ff608609ab4 GetLastError SetLastError 14864->14866 14865->14854 14865->14856 14866->14865 14868 7ff60860a89a FlsSetValue 14867->14868 14869 7ff60860a87f FlsGetValue 14867->14869 14871 7ff60860a8a7 14868->14871 14872 7ff608609a73 SetLastError 14868->14872 14870 7ff60860a894 14869->14870 14869->14872 14870->14868 14873 7ff60860dd40 _get_daylight 11 API calls 14871->14873 14872->14860 14874 7ff60860a8b6 14873->14874 14875 7ff60860a8d4 FlsSetValue 14874->14875 14876 7ff60860a8c4 FlsSetValue 14874->14876 14878 7ff60860a8e0 FlsSetValue 14875->14878 14879 7ff60860a8f2 14875->14879 14877 7ff60860a8cd 14876->14877 14880 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14877->14880 14878->14877 14881 7ff60860a3c4 _get_daylight 11 API calls 14879->14881 14880->14872 14882 7ff60860a8fa 14881->14882 14883 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14882->14883 14883->14872 14886 7ff6085fb04e RtlLookupFunctionEntry 14885->14886 14887 7ff6085fb064 RtlVirtualUnwind 14886->14887 14888 7ff6085fae6b 14886->14888 14887->14886 14887->14888 14889 7ff6085fae00 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14888->14889 14891 7ff608609b1e _wfindfirst32i64 memcpy_s 14890->14891 14892 7ff608609b46 RtlCaptureContext RtlLookupFunctionEntry 14891->14892 14893 7ff608609bb6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14892->14893 14894 7ff608609b80 RtlVirtualUnwind 14892->14894 14897 7ff608609c08 _wfindfirst32i64 14893->14897 14894->14893 14895 7ff6085fad80 _wfindfirst32i64 8 API calls 14896 7ff608609c27 GetCurrentProcess TerminateProcess 14895->14896 14897->14895 19328 7ff6086194de 19330 7ff6086194ee 19328->19330 19332 7ff6086042f8 LeaveCriticalSection 19330->19332 18675 7ff608619664 18678 7ff6086042f8 LeaveCriticalSection 18675->18678 18679 7ff608608a50 18682 7ff6086089d0 18679->18682 18689 7ff60860f788 EnterCriticalSection 18682->18689 17801 7ff608608554 17802 7ff60860856d 17801->17802 17803 7ff608608564 17801->17803 17803->17802 17807 7ff608608064 17803->17807 17808 7ff60860807d 17807->17808 17815 7ff608608079 17807->17815 17828 7ff608611b7c GetEnvironmentStringsW 17808->17828 17811 7ff60860808a 17813 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17811->17813 17812 7ff608608096 17835 7ff6086081e4 17812->17835 17813->17815 17815->17802 17820 7ff608608424 17815->17820 17817 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17818 7ff6086080bd 17817->17818 17819 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17818->17819 17819->17815 17825 7ff60860845e 17820->17825 17826 7ff608608447 17820->17826 17821 7ff60860e7f0 MultiByteToWideChar _fread_nolock 17821->17825 17822 7ff60860dd40 _get_daylight 11 API calls 17822->17825 17823 7ff6086084d2 17824 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17823->17824 17824->17826 17825->17821 17825->17822 17825->17823 17825->17826 17827 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17825->17827 17826->17802 17827->17825 17829 7ff608611ba0 17828->17829 17830 7ff608608082 17828->17830 17831 7ff60860cacc _fread_nolock 12 API calls 17829->17831 17830->17811 17830->17812 17832 7ff608611bd7 memcpy_s 17831->17832 17833 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17832->17833 17834 7ff608611bf7 FreeEnvironmentStringsW 17833->17834 17834->17830 17836 7ff60860820c 17835->17836 17837 7ff60860dd40 _get_daylight 11 API calls 17836->17837 17849 7ff608608247 17837->17849 17838 7ff60860824f 17839 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17838->17839 17841 7ff60860809e 17839->17841 17840 7ff6086082c9 17842 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17840->17842 17841->17817 17842->17841 17843 7ff60860dd40 _get_daylight 11 API calls 17843->17849 17844 7ff6086082b8 17854 7ff608608300 17844->17854 17845 7ff60860f924 _wfindfirst32i64 37 API calls 17845->17849 17848 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17848->17838 17849->17838 17849->17840 17849->17843 17849->17844 17849->17845 17850 7ff6086082ec 17849->17850 17852 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17849->17852 17851 7ff608609dd0 _wfindfirst32i64 17 API calls 17850->17851 17853 7ff6086082fe 17851->17853 17852->17849 17855 7ff6086082c0 17854->17855 17856 7ff608608305 17854->17856 17855->17848 17857 7ff60860832e 17856->17857 17858 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17856->17858 17859 7ff608609e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17857->17859 17858->17856 17859->17855

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 00007FF608614E20 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334timeCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 135 7ff608614e20-7ff608614e5b call 7ff6086147a8 call 7ff6086147b0 call 7ff608614818 142 7ff608614e61-7ff608614e6c call 7ff6086147b8 135->142 143 7ff608615085-7ff6086150d1 call 7ff608609dd0 call 7ff6086147a8 call 7ff6086147b0 call 7ff608614818 135->143 142->143 148 7ff608614e72-7ff608614e7c 142->148 168 7ff6086150d7-7ff6086150e2 call 7ff6086147b8 143->168 169 7ff60861520f-7ff60861527d call 7ff608609dd0 call 7ff6086106b8 143->169 150 7ff608614e9e-7ff608614ea2 148->150 151 7ff608614e7e-7ff608614e81 148->151 155 7ff608614ea5-7ff608614ead 150->155 153 7ff608614e84-7ff608614e8f 151->153 156 7ff608614e9a-7ff608614e9c 153->156 157 7ff608614e91-7ff608614e98 153->157 155->155 159 7ff608614eaf-7ff608614ec2 call 7ff60860cacc 155->159 156->150 161 7ff608614ecb-7ff608614ed9 156->161 157->153 157->156 166 7ff608614eda-7ff608614ee6 call 7ff608609e18 159->166 167 7ff608614ec4-7ff608614ec6 call 7ff608609e18 159->167 176 7ff608614eed-7ff608614ef5 166->176 167->161 168->169 178 7ff6086150e8-7ff6086150f3 call 7ff6086147e8 168->178 188 7ff60861528b-7ff60861528e 169->188 189 7ff60861527f-7ff608615286 169->189 176->176 179 7ff608614ef7-7ff608614f08 call 7ff60860f924 176->179 178->169 190 7ff6086150f9-7ff60861511c call 7ff608609e18 GetTimeZoneInformation 178->190 179->143 187 7ff608614f0e-7ff608614f64 call 7ff6085fc210 * 4 call 7ff608614d3c 179->187 247 7ff608614f66-7ff608614f6a 187->247 193 7ff608615290 188->193 194 7ff6086152c5-7ff6086152d8 call 7ff60860cacc 188->194 192 7ff60861531b-7ff60861531e 189->192 202 7ff608615122-7ff608615143 190->202 203 7ff6086151e4-7ff60861520e call 7ff6086147a0 call 7ff608614790 call 7ff608614798 190->203 199 7ff608615293 call 7ff60861509c 192->199 200 7ff608615324-7ff60861532c call 7ff608614e20 192->200 193->199 208 7ff6086152da 194->208 209 7ff6086152e3-7ff6086152fe call 7ff6086106b8 194->209 214 7ff608615298-7ff6086152c4 call 7ff608609e18 call 7ff6085fad80 199->214 200->214 210 7ff60861514e-7ff608615155 202->210 211 7ff608615145-7ff60861514b 202->211 215 7ff6086152dc-7ff6086152e1 call 7ff608609e18 208->215 232 7ff608615300-7ff608615303 209->232 233 7ff608615305-7ff608615317 call 7ff608609e18 209->233 216 7ff608615157-7ff60861515f 210->216 217 7ff608615169 210->217 211->210 215->193 216->217 223 7ff608615161-7ff608615167 216->223 225 7ff60861516b-7ff6086151df call 7ff6085fc210 * 4 call 7ff608611c7c call 7ff608615334 * 2 217->225 223->225 225->203 232->215 233->192 249 7ff608614f6c 247->249 250 7ff608614f70-7ff608614f74 247->250 249->250 250->247 252 7ff608614f76-7ff608614f9b call 7ff608617c64 250->252 258 7ff608614f9e-7ff608614fa2 252->258 260 7ff608614fb1-7ff608614fb5 258->260 261 7ff608614fa4-7ff608614faf 258->261 260->258 261->260 263 7ff608614fb7-7ff608614fbb 261->263 266 7ff60861503c-7ff608615040 263->266 267 7ff608614fbd-7ff608614fe5 call 7ff608617c64 263->267 268 7ff608615047-7ff608615054 266->268 269 7ff608615042-7ff608615044 266->269 275 7ff608614fe7 267->275 276 7ff608615003-7ff608615007 267->276 271 7ff608615056-7ff60861506c call 7ff608614d3c 268->271 272 7ff60861506f-7ff60861507e call 7ff6086147a0 call 7ff608614790 268->272 269->268 271->272 272->143 279 7ff608614fea-7ff608614ff1 275->279 276->266 281 7ff608615009-7ff608615027 call 7ff608617c64 276->281 279->276 282 7ff608614ff3-7ff608615001 279->282 287 7ff608615033-7ff60861503a 281->287 282->276 282->279 287->266 288 7ff608615029-7ff60861502d 287->288 288->266 289 7ff60861502f 288->289 289->287
                                                                                                                                                                                APIs
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF608614E65
                                                                                                                                                                                  • Part of subcall function 00007FF6086147B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6086147CC
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E2E
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: GetLastError.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E38
                                                                                                                                                                                  • Part of subcall function 00007FF608609DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF608609DAF,?,?,?,?,?,00007FF6086021EC), ref: 00007FF608609DD9
                                                                                                                                                                                  • Part of subcall function 00007FF608609DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF608609DAF,?,?,?,?,?,00007FF6086021EC), ref: 00007FF608609DFE
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF608614E54
                                                                                                                                                                                  • Part of subcall function 00007FF608614818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60861482C
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150CA
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150DB
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150EC
                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF60861532C), ref: 00007FF608615113
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLanguagesLastPreferredPresentProcessProcessorRestoreThreadTimeZone
                                                                                                                                                                                • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                                                                • API String ID: 1458651798-690618308
                                                                                                                                                                                • Opcode ID: 1310a1f81422e98324325f84e60ea7e6e32ca99eb05a918d86cd9d502ccd45c4
                                                                                                                                                                                • Instruction ID: 4007b483e0f8854a000a216607d03ecdbd995aef0ef6b4675f25da1e28e8776d
                                                                                                                                                                                • Opcode Fuzzy Hash: 1310a1f81422e98324325f84e60ea7e6e32ca99eb05a918d86cd9d502ccd45c4
                                                                                                                                                                                • Instruction Fuzzy Hash: 3AD1C326E2825286EB20DF31D4415B96792FF84B94F6A4035FA4DC7686DF3CE841A748
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608615D6C Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 320 7ff608615d6c-7ff608615ddf call 7ff608615aa0 323 7ff608615df9-7ff608615e03 call 7ff608606cfc 320->323 324 7ff608615de1-7ff608615dea call 7ff608604424 320->324 329 7ff608615e1e-7ff608615e87 CreateFileW 323->329 330 7ff608615e05-7ff608615e1c call 7ff608604424 call 7ff608604444 323->330 331 7ff608615ded-7ff608615df4 call 7ff608604444 324->331 333 7ff608615e89-7ff608615e8f 329->333 334 7ff608615f04-7ff608615f0f GetFileType 329->334 330->331 348 7ff60861613a-7ff60861615a 331->348 337 7ff608615ed1-7ff608615eff GetLastError call 7ff6086043b8 333->337 338 7ff608615e91-7ff608615e95 333->338 340 7ff608615f11-7ff608615f4c GetLastError call 7ff6086043b8 CloseHandle 334->340 341 7ff608615f62-7ff608615f69 334->341 337->331 338->337 346 7ff608615e97-7ff608615ecf CreateFileW 338->346 340->331 354 7ff608615f52-7ff608615f5d call 7ff608604444 340->354 344 7ff608615f6b-7ff608615f6f 341->344 345 7ff608615f71-7ff608615f74 341->345 351 7ff608615f7a-7ff608615fcf call 7ff608606c14 344->351 345->351 352 7ff608615f76 345->352 346->334 346->337 359 7ff608615fee-7ff60861601f call 7ff608615820 351->359 360 7ff608615fd1-7ff608615fdd call 7ff608615ca8 351->360 352->351 354->331 365 7ff608616021-7ff608616023 359->365 366 7ff608616025-7ff608616067 359->366 360->359 367 7ff608615fdf 360->367 368 7ff608615fe1-7ff608615fe9 call 7ff608609f90 365->368 369 7ff608616089-7ff608616094 366->369 370 7ff608616069-7ff60861606d 366->370 367->368 368->348 373 7ff608616138 369->373 374 7ff60861609a-7ff60861609e 369->374 370->369 372 7ff60861606f-7ff608616084 370->372 372->369 373->348 374->373 376 7ff6086160a4-7ff6086160e9 CloseHandle CreateFileW 374->376 377 7ff6086160eb-7ff608616119 GetLastError call 7ff6086043b8 call 7ff608606e3c 376->377 378 7ff60861611e-7ff608616133 376->378 377->378 378->373
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                                                                • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                • Instruction ID: ac482f640f924cea31d6770aef09407ad56fa8b615f90428cf31074cdd2e86b6
                                                                                                                                                                                • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                • Instruction Fuzzy Hash: 44C1C136B38A4185EB10CFB9C4956AD7761FB88BA8B260235EF1E97396CF38D051D704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F6780 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTempPathW.KERNEL32(?,00000000,?,00007FF6085F674D), ref: 00007FF6085F681A
                                                                                                                                                                                  • Part of subcall function 00007FF6085F6990: GetEnvironmentVariableW.KERNEL32(00007FF6085F36E7), ref: 00007FF6085F69CA
                                                                                                                                                                                  • Part of subcall function 00007FF6085F6990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6085F69E7
                                                                                                                                                                                  • Part of subcall function 00007FF6086066B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6086066CD
                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6085F68D1
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2770: MessageBoxW.USER32 ref: 00007FF6085F2841
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                • API String ID: 3752271684-1116378104
                                                                                                                                                                                • Opcode ID: 3863800b2665c7901903b481e41fcfda7d0e5020c540a2559d82cfcc8f27efd6
                                                                                                                                                                                • Instruction ID: d5a4453c48f5715f48afe8fee4234818bd9b7235a3093ce652e7ebfb3926e55b
                                                                                                                                                                                • Opcode Fuzzy Hash: 3863800b2665c7901903b481e41fcfda7d0e5020c540a2559d82cfcc8f27efd6
                                                                                                                                                                                • Instruction Fuzzy Hash: 3351DE11F6D64240FEA6EB7299152BA52829F69BC0F654034FD0EC7B97ED2DE801970C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60861509C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 773 7ff60861509c-7ff6086150d1 call 7ff6086147a8 call 7ff6086147b0 call 7ff608614818 780 7ff6086150d7-7ff6086150e2 call 7ff6086147b8 773->780 781 7ff60861520f-7ff60861527d call 7ff608609dd0 call 7ff6086106b8 773->781 780->781 786 7ff6086150e8-7ff6086150f3 call 7ff6086147e8 780->786 792 7ff60861528b-7ff60861528e 781->792 793 7ff60861527f-7ff608615286 781->793 786->781 794 7ff6086150f9-7ff60861511c call 7ff608609e18 GetTimeZoneInformation 786->794 796 7ff608615290 792->796 797 7ff6086152c5-7ff6086152d8 call 7ff60860cacc 792->797 795 7ff60861531b-7ff60861531e 793->795 804 7ff608615122-7ff608615143 794->804 805 7ff6086151e4-7ff60861520e call 7ff6086147a0 call 7ff608614790 call 7ff608614798 794->805 801 7ff608615293 call 7ff60861509c 795->801 802 7ff608615324-7ff60861532c call 7ff608614e20 795->802 796->801 809 7ff6086152da 797->809 810 7ff6086152e3-7ff6086152fe call 7ff6086106b8 797->810 814 7ff608615298-7ff6086152c4 call 7ff608609e18 call 7ff6085fad80 801->814 802->814 811 7ff60861514e-7ff608615155 804->811 812 7ff608615145-7ff60861514b 804->812 815 7ff6086152dc-7ff6086152e1 call 7ff608609e18 809->815 829 7ff608615300-7ff608615303 810->829 830 7ff608615305-7ff608615317 call 7ff608609e18 810->830 816 7ff608615157-7ff60861515f 811->816 817 7ff608615169 811->817 812->811 815->796 816->817 822 7ff608615161-7ff608615167 816->822 823 7ff60861516b-7ff6086151df call 7ff6085fc210 * 4 call 7ff608611c7c call 7ff608615334 * 2 817->823 822->823 823->805 829->815 830->795
                                                                                                                                                                                APIs
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150CA
                                                                                                                                                                                  • Part of subcall function 00007FF608614818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60861482C
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150DB
                                                                                                                                                                                  • Part of subcall function 00007FF6086147B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6086147CC
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150EC
                                                                                                                                                                                  • Part of subcall function 00007FF6086147E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6086147FC
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E2E
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: GetLastError.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E38
                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF60861532C), ref: 00007FF608615113
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLanguagesLastPreferredRestoreThreadTimeZone
                                                                                                                                                                                • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                                                                • API String ID: 2248164782-690618308
                                                                                                                                                                                • Opcode ID: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                                                                                                                                                • Instruction ID: 2cd7ef39c7543f9f3274b8a3f703b3a6a6692fdd6485496c18f1d2b3eebc5ce0
                                                                                                                                                                                • Opcode Fuzzy Hash: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                                                                                                                                                • Instruction Fuzzy Hash: BA51A732A2864286EB50DF31D9815A9B761FF88784F664136FB4DC3697DF3CE8009748
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F17B0 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 144COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                • API String ID: 2153230061-4158440160
                                                                                                                                                                                • Opcode ID: 5847c22176c5e6ffa64d806c8113d362e9c7d2cce0bf01d512148f94a6c3d8fd
                                                                                                                                                                                • Instruction ID: 4c30eb5468f9082379aeb6ef1b9fc2422e6dc533fb0d5abcedba9d294eaa14fa
                                                                                                                                                                                • Opcode Fuzzy Hash: 5847c22176c5e6ffa64d806c8113d362e9c7d2cce0bf01d512148f94a6c3d8fd
                                                                                                                                                                                • Instruction Fuzzy Hash: 6F519E72A5AA02C2EF96CF34D55017833A1EF58B58B658135EA0DC779ADF3CE540CB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1440 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 133COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 53 7ff6085f1440-7ff6085f1457 call 7ff6085f6720 56 7ff6085f1462-7ff6085f1485 call 7ff6085f6a40 53->56 57 7ff6085f1459-7ff6085f1461 53->57 60 7ff6085f14a7-7ff6085f14ad 56->60 61 7ff6085f1487-7ff6085f14a2 call 7ff6085f24d0 56->61 63 7ff6085f14e0-7ff6085f14f4 call 7ff6085ff934 60->63 64 7ff6085f14af-7ff6085f14ba call 7ff6085f3cb0 60->64 69 7ff6085f1635-7ff6085f1647 61->69 71 7ff6085f1516-7ff6085f151a 63->71 72 7ff6085f14f6-7ff6085f1511 call 7ff6085f24d0 63->72 70 7ff6085f14bf-7ff6085f14c5 64->70 70->63 73 7ff6085f14c7-7ff6085f14db call 7ff6085f2770 70->73 75 7ff6085f1534-7ff6085f1554 call 7ff6086040b0 71->75 76 7ff6085f151c-7ff6085f1528 call 7ff6085f1050 71->76 82 7ff6085f1617-7ff6085f161d 72->82 73->82 87 7ff6085f1575-7ff6085f157b 75->87 88 7ff6085f1556-7ff6085f1570 call 7ff6085f24d0 75->88 83 7ff6085f152d-7ff6085f152f 76->83 85 7ff6085f161f call 7ff6085ff2ac 82->85 86 7ff6085f162b-7ff6085f162e call 7ff6085ff2ac 82->86 83->82 95 7ff6085f1624 85->95 96 7ff6085f1633 86->96 92 7ff6085f1605-7ff6085f1608 call 7ff60860409c 87->92 93 7ff6085f1581-7ff6085f1586 87->93 99 7ff6085f160d-7ff6085f1612 88->99 92->99 94 7ff6085f1590-7ff6085f15b2 call 7ff6085ff5fc 93->94 102 7ff6085f15b4-7ff6085f15cc call 7ff6085ffd3c 94->102 103 7ff6085f15e5-7ff6085f15ec 94->103 95->86 96->69 99->82 108 7ff6085f15d5-7ff6085f15e3 102->108 109 7ff6085f15ce-7ff6085f15d1 102->109 105 7ff6085f15f3-7ff6085f15fb call 7ff6085f24d0 103->105 112 7ff6085f1600 105->112 108->105 109->94 111 7ff6085f15d3 109->111 111->112 112->92
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                • API String ID: 0-666925554
                                                                                                                                                                                • Opcode ID: 2450ac564ef51e53d0e66f3a399139c582a11f4a3f3593ce6261dec13eff207d
                                                                                                                                                                                • Instruction ID: a313aab8d840de24918739205e1b42cd2822288beceecf30b8258625eaaece41
                                                                                                                                                                                • Opcode Fuzzy Hash: 2450ac564ef51e53d0e66f3a399139c582a11f4a3f3593ce6261dec13eff207d
                                                                                                                                                                                • Instruction Fuzzy Hash: 2D51EE61B99A4281FEA3DB71E4046B973A0AF60BD4F654031EE0DC7B97EE3CE1459708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F78A0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 91COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                • API String ID: 4998090-2855260032
                                                                                                                                                                                • Opcode ID: 500119c5a9ae615ecc00e2d7aa11743cea450a806e1a39ca2f3b0d7f68f094e6
                                                                                                                                                                                • Instruction ID: e131f6ce723267b29565f7594fb3a6dd47a428c811871864fac6ad324eac800d
                                                                                                                                                                                • Opcode Fuzzy Hash: 500119c5a9ae615ecc00e2d7aa11743cea450a806e1a39ca2f3b0d7f68f094e6
                                                                                                                                                                                • Instruction Fuzzy Hash: A541913166CA8282EB51DF70E4446AA7361FB847A5F640231FA9EC76D6DF3CD404CB04
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F6FD0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 90processsynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                • API String ID: 2895956056-3524285272
                                                                                                                                                                                • Opcode ID: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                                                                                                                                                • Instruction ID: 28c9877cda981ff165983da0fe0ab213daaa243e93b3434c57a75014a5b2ac49
                                                                                                                                                                                • Opcode Fuzzy Hash: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                                                                                                                                                • Instruction Fuzzy Hash: F5413232A1878282DA20DB70F4452AAB3A0FB95364F610335F6AD83BE6DF7CD0549B44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1000 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 273COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 383 7ff6085f1000-7ff6085f3686 call 7ff6085ff080 call 7ff6085ff078 call 7ff6085f7600 call 7ff6085ff078 call 7ff6085fadb0 call 7ff608604270 call 7ff608604f14 call 7ff6085f1af0 401 7ff6085f368c-7ff6085f369b call 7ff6085f3ba0 383->401 402 7ff6085f379a 383->402 401->402 407 7ff6085f36a1-7ff6085f36b4 call 7ff6085f3a70 401->407 404 7ff6085f379f-7ff6085f37bf call 7ff6085fad80 402->404 407->402 411 7ff6085f36ba-7ff6085f36cd call 7ff6085f3b20 407->411 411->402 414 7ff6085f36d3-7ff6085f36fa call 7ff6085f6990 411->414 417 7ff6085f373c-7ff6085f3764 call 7ff6085f6f90 call 7ff6085f19d0 414->417 418 7ff6085f36fc-7ff6085f370b call 7ff6085f6990 414->418 428 7ff6085f384d-7ff6085f385e 417->428 429 7ff6085f376a-7ff6085f3780 call 7ff6085f19d0 417->429 418->417 424 7ff6085f370d-7ff6085f3713 418->424 426 7ff6085f3715-7ff6085f371d 424->426 427 7ff6085f371f-7ff6085f3739 call 7ff60860409c call 7ff6085f6f90 424->427 426->427 427->417 432 7ff6085f3873-7ff6085f388b call 7ff6085f7a30 428->432 433 7ff6085f3860-7ff6085f386a call 7ff6085f3280 428->433 442 7ff6085f3782-7ff6085f3795 call 7ff6085f2770 429->442 443 7ff6085f37c0-7ff6085f37c3 429->443 447 7ff6085f389e-7ff6085f38a5 SetDllDirectoryW 432->447 448 7ff6085f388d-7ff6085f3899 call 7ff6085f2770 432->448 445 7ff6085f386c 433->445 446 7ff6085f38ab-7ff6085f38b8 call 7ff6085f5e40 433->446 442->402 443->428 444 7ff6085f37c9-7ff6085f37e0 call 7ff6085f3cb0 443->444 456 7ff6085f37e2-7ff6085f37e5 444->456 457 7ff6085f37e7-7ff6085f3813 call 7ff6085f7200 444->457 445->432 458 7ff6085f38ba-7ff6085f38ca call 7ff6085f5ae0 446->458 459 7ff6085f3906-7ff6085f390b call 7ff6085f5dc0 446->459 447->446 448->402 461 7ff6085f3822-7ff6085f3838 call 7ff6085f2770 456->461 471 7ff6085f3815-7ff6085f381d call 7ff6085ff2ac 457->471 472 7ff6085f383d-7ff6085f384b 457->472 458->459 470 7ff6085f38cc-7ff6085f38db call 7ff6085f5640 458->470 467 7ff6085f3910-7ff6085f3913 459->467 461->402 468 7ff6085f3919-7ff6085f3926 467->468 469 7ff6085f39c6-7ff6085f39d5 call 7ff6085f3110 467->469 474 7ff6085f3930-7ff6085f393a 468->474 469->402 487 7ff6085f39db-7ff6085f3a12 call 7ff6085f6f20 call 7ff6085f6990 call 7ff6085f53e0 469->487 485 7ff6085f38fc-7ff6085f3901 call 7ff6085f5890 470->485 486 7ff6085f38dd-7ff6085f38e9 call 7ff6085f55d0 470->486 471->461 472->433 478 7ff6085f3943-7ff6085f3945 474->478 479 7ff6085f393c-7ff6085f3941 474->479 483 7ff6085f3991-7ff6085f39c1 call 7ff6085f3270 call 7ff6085f30b0 call 7ff6085f3260 call 7ff6085f5890 call 7ff6085f5dc0 478->483 484 7ff6085f3947-7ff6085f396a call 7ff6085f1b30 478->484 479->474 479->478 483->404 484->402 497 7ff6085f3970-7ff6085f397b 484->497 485->459 486->485 498 7ff6085f38eb-7ff6085f38fa call 7ff6085f5c90 486->498 487->402 511 7ff6085f3a18-7ff6085f3a2b call 7ff6085f3270 call 7ff6085f6fd0 487->511 501 7ff6085f3980-7ff6085f398f 497->501 498->467 501->483 501->501 518 7ff6085f3a30-7ff6085f3a4d call 7ff6085f5890 call 7ff6085f5dc0 511->518 523 7ff6085f3a4f-7ff6085f3a52 call 7ff6085f6c90 518->523 524 7ff6085f3a57-7ff6085f3a61 call 7ff6085f1ab0 518->524 523->524 524->404
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FF6085F3BA0: GetModuleFileNameW.KERNEL32(?,00007FF6085F3699), ref: 00007FF6085F3BD1
                                                                                                                                                                                • SetDllDirectoryW.KERNEL32 ref: 00007FF6085F38A5
                                                                                                                                                                                  • Part of subcall function 00007FF6085F6990: GetEnvironmentVariableW.KERNEL32(00007FF6085F36E7), ref: 00007FF6085F69CA
                                                                                                                                                                                  • Part of subcall function 00007FF6085F6990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6085F69E7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                • API String ID: 2344891160-3602715111
                                                                                                                                                                                • Opcode ID: 14b8ea64f198fadaf0557001e19ed6d8158f90a61459a8f328a8e8e1ed856478
                                                                                                                                                                                • Instruction ID: 9a2e49606680afb0e39775bcdfc6e453eb60039a1e293824f0024f0e1cd54bb1
                                                                                                                                                                                • Opcode Fuzzy Hash: 14b8ea64f198fadaf0557001e19ed6d8158f90a61459a8f328a8e8e1ed856478
                                                                                                                                                                                • Instruction Fuzzy Hash: 67B19321A5EA8341FEA2EB3195511FD2791BF64784F644131EA4DC7797EF2CE604C708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1050 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 156COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 528 7ff6085f1050-7ff6085f10ab call 7ff6085fa610 531 7ff6085f10d3-7ff6085f10eb call 7ff6086040b0 528->531 532 7ff6085f10ad-7ff6085f10d2 call 7ff6085f2770 528->532 537 7ff6085f10ed-7ff6085f1104 call 7ff6085f24d0 531->537 538 7ff6085f1109-7ff6085f1119 call 7ff6086040b0 531->538 543 7ff6085f126c-7ff6085f1281 call 7ff6085fa2f0 call 7ff60860409c * 2 537->543 544 7ff6085f111b-7ff6085f1132 call 7ff6085f24d0 538->544 545 7ff6085f1137-7ff6085f1147 538->545 561 7ff6085f1286-7ff6085f12a0 543->561 544->543 546 7ff6085f1150-7ff6085f1175 call 7ff6085ff5fc 545->546 554 7ff6085f125e 546->554 555 7ff6085f117b-7ff6085f1185 call 7ff6085ff370 546->555 557 7ff6085f1264 554->557 555->554 562 7ff6085f118b-7ff6085f1197 555->562 557->543 563 7ff6085f11a0-7ff6085f11c8 call 7ff6085f8a60 562->563 566 7ff6085f1241-7ff6085f125c call 7ff6085f2770 563->566 567 7ff6085f11ca-7ff6085f11cd 563->567 566->557 568 7ff6085f11cf-7ff6085f11d9 567->568 569 7ff6085f123c 567->569 572 7ff6085f1203-7ff6085f1206 568->572 573 7ff6085f11db-7ff6085f11e8 call 7ff6085ffd3c 568->573 569->566 574 7ff6085f1208-7ff6085f1216 call 7ff6085fbb60 572->574 575 7ff6085f1219-7ff6085f121e 572->575 579 7ff6085f11ed-7ff6085f11f0 573->579 574->575 575->563 578 7ff6085f1220-7ff6085f1223 575->578 583 7ff6085f1225-7ff6085f1228 578->583 584 7ff6085f1237-7ff6085f123a 578->584 580 7ff6085f11f2-7ff6085f11fc call 7ff6085ff370 579->580 581 7ff6085f11fe-7ff6085f1201 579->581 580->575 580->581 581->566 583->566 586 7ff6085f122a-7ff6085f1232 583->586 584->557 586->546
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                • API String ID: 2030045667-1655038675
                                                                                                                                                                                • Opcode ID: fb25f745df464e20138d1470271bd21ea6706bdcc7bc579a4e09f6b848cc895b
                                                                                                                                                                                • Instruction ID: b897070a194e6086e6ebd6a355cc177a7bbf1ecc6a102f75841e28ec1bb89243
                                                                                                                                                                                • Opcode Fuzzy Hash: fb25f745df464e20138d1470271bd21ea6706bdcc7bc579a4e09f6b848cc895b
                                                                                                                                                                                • Instruction Fuzzy Hash: BF51F722A8DA4281EAA2DB72E4403BA7291FB54794F644131EE4DC3787EF3CE544C748
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860AF2C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 660 7ff60860af2c-7ff60860af52 661 7ff60860af6d-7ff60860af71 660->661 662 7ff60860af54-7ff60860af68 call 7ff608604424 call 7ff608604444 660->662 664 7ff60860b347-7ff60860b353 call 7ff608604424 call 7ff608604444 661->664 665 7ff60860af77-7ff60860af7e 661->665 680 7ff60860b35e 662->680 683 7ff60860b359 call 7ff608609db0 664->683 665->664 666 7ff60860af84-7ff60860afb2 665->666 666->664 669 7ff60860afb8-7ff60860afbf 666->669 672 7ff60860afd8-7ff60860afdb 669->672 673 7ff60860afc1-7ff60860afd3 call 7ff608604424 call 7ff608604444 669->673 678 7ff60860afe1-7ff60860afe7 672->678 679 7ff60860b343-7ff60860b345 672->679 673->683 678->679 684 7ff60860afed-7ff60860aff0 678->684 681 7ff60860b361-7ff60860b378 679->681 680->681 683->680 684->673 687 7ff60860aff2-7ff60860b017 684->687 689 7ff60860b019-7ff60860b01b 687->689 690 7ff60860b04a-7ff60860b051 687->690 693 7ff60860b01d-7ff60860b024 689->693 694 7ff60860b042-7ff60860b048 689->694 691 7ff60860b026-7ff60860b03d call 7ff608604424 call 7ff608604444 call 7ff608609db0 690->691 692 7ff60860b053-7ff60860b07b call 7ff60860cacc call 7ff608609e18 * 2 690->692 723 7ff60860b1d0 691->723 725 7ff60860b098-7ff60860b0c3 call 7ff60860b754 692->725 726 7ff60860b07d-7ff60860b093 call 7ff608604444 call 7ff608604424 692->726 693->691 693->694 695 7ff60860b0c8-7ff60860b0df 694->695 698 7ff60860b15a-7ff60860b164 call 7ff608612a3c 695->698 699 7ff60860b0e1-7ff60860b0e9 695->699 710 7ff60860b16a-7ff60860b17f 698->710 711 7ff60860b1ee 698->711 699->698 704 7ff60860b0eb-7ff60860b0ed 699->704 704->698 708 7ff60860b0ef-7ff60860b105 704->708 708->698 713 7ff60860b107-7ff60860b113 708->713 710->711 715 7ff60860b181-7ff60860b193 GetConsoleMode 710->715 719 7ff60860b1f3-7ff60860b213 ReadFile 711->719 713->698 717 7ff60860b115-7ff60860b117 713->717 715->711 722 7ff60860b195-7ff60860b19d 715->722 717->698 724 7ff60860b119-7ff60860b131 717->724 720 7ff60860b219-7ff60860b221 719->720 721 7ff60860b30d-7ff60860b316 GetLastError 719->721 720->721 727 7ff60860b227 720->727 730 7ff60860b318-7ff60860b32e call 7ff608604444 call 7ff608604424 721->730 731 7ff60860b333-7ff60860b336 721->731 722->719 729 7ff60860b19f-7ff60860b1c1 ReadConsoleW 722->729 732 7ff60860b1d3-7ff60860b1dd call 7ff608609e18 723->732 724->698 733 7ff60860b133-7ff60860b13f 724->733 725->695 726->723 735 7ff60860b22e-7ff60860b243 727->735 737 7ff60860b1e2-7ff60860b1ec 729->737 738 7ff60860b1c3 GetLastError 729->738 730->723 742 7ff60860b1c9-7ff60860b1cb call 7ff6086043b8 731->742 743 7ff60860b33c-7ff60860b33e 731->743 732->681 733->698 741 7ff60860b141-7ff60860b143 733->741 735->732 746 7ff60860b245-7ff60860b250 735->746 737->735 738->742 741->698 750 7ff60860b145-7ff60860b155 741->750 742->723 743->732 752 7ff60860b277-7ff60860b27f 746->752 753 7ff60860b252-7ff60860b26b call 7ff60860ab44 746->753 750->698 756 7ff60860b2fb-7ff60860b308 call 7ff60860a984 752->756 757 7ff60860b281-7ff60860b293 752->757 760 7ff60860b270-7ff60860b272 753->760 756->760 761 7ff60860b2ee-7ff60860b2f6 757->761 762 7ff60860b295 757->762 760->732 761->732 764 7ff60860b29a-7ff60860b2a1 762->764 765 7ff60860b2dd-7ff60860b2e8 764->765 766 7ff60860b2a3-7ff60860b2a7 764->766 765->761 767 7ff60860b2a9-7ff60860b2b0 766->767 768 7ff60860b2c3 766->768 767->768 770 7ff60860b2b2-7ff60860b2b6 767->770 769 7ff60860b2c9-7ff60860b2d9 768->769 769->764 771 7ff60860b2db 769->771 770->768 772 7ff60860b2b8-7ff60860b2c1 770->772 771->761 772->769
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: e471fda82800abc54a56dc717a795f79fca71cd335feafb027c42e82f3e97f2c
                                                                                                                                                                                • Instruction ID: 7e504ce691ef2e12c1426cf0df0e75d0c6b23b06eb368415b356633400b6e74a
                                                                                                                                                                                • Opcode Fuzzy Hash: e471fda82800abc54a56dc717a795f79fca71cd335feafb027c42e82f3e97f2c
                                                                                                                                                                                • Instruction Fuzzy Hash: 1FC1C52292C78681E660DB3594402BF6B91EF81B91F778131FA4D87792DF7CE845AB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860C430 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 850 7ff60860c430-7ff60860c455 851 7ff60860c45b-7ff60860c45e 850->851 852 7ff60860c723 850->852 853 7ff60860c497-7ff60860c4c3 851->853 854 7ff60860c460-7ff60860c492 call 7ff608609ce4 851->854 855 7ff60860c725-7ff60860c735 852->855 857 7ff60860c4ce-7ff60860c4d4 853->857 858 7ff60860c4c5-7ff60860c4cc 853->858 854->855 860 7ff60860c4d6-7ff60860c4df call 7ff60860b7f0 857->860 861 7ff60860c4e4-7ff60860c4f9 call 7ff608612a3c 857->861 858->854 858->857 860->861 865 7ff60860c4ff-7ff60860c508 861->865 866 7ff60860c613-7ff60860c61c 861->866 865->866 867 7ff60860c50e-7ff60860c512 865->867 868 7ff60860c61e-7ff60860c624 866->868 869 7ff60860c670-7ff60860c695 WriteFile 866->869 870 7ff60860c523-7ff60860c52e 867->870 871 7ff60860c514-7ff60860c51c call 7ff608603a20 867->871 874 7ff60860c626-7ff60860c629 868->874 875 7ff60860c65c-7ff60860c66e call 7ff60860bee8 868->875 872 7ff60860c697-7ff60860c69d GetLastError 869->872 873 7ff60860c6a0 869->873 877 7ff60860c53f-7ff60860c554 GetConsoleMode 870->877 878 7ff60860c530-7ff60860c539 870->878 871->870 872->873 880 7ff60860c6a3 873->880 881 7ff60860c648-7ff60860c65a call 7ff60860c108 874->881 882 7ff60860c62b-7ff60860c62e 874->882 897 7ff60860c600-7ff60860c607 875->897 887 7ff60860c55a-7ff60860c560 877->887 888 7ff60860c60c 877->888 878->866 878->877 890 7ff60860c6a8 880->890 881->897 883 7ff60860c6b4-7ff60860c6be 882->883 884 7ff60860c634-7ff60860c646 call 7ff60860bfec 882->884 891 7ff60860c71c-7ff60860c721 883->891 892 7ff60860c6c0-7ff60860c6c5 883->892 884->897 895 7ff60860c566-7ff60860c569 887->895 896 7ff60860c5e9-7ff60860c5fb call 7ff60860ba70 887->896 888->866 898 7ff60860c6ad 890->898 891->855 899 7ff60860c6c7-7ff60860c6ca 892->899 900 7ff60860c6f3-7ff60860c6fd 892->900 902 7ff60860c56b-7ff60860c56e 895->902 903 7ff60860c574-7ff60860c582 895->903 896->897 897->890 898->883 905 7ff60860c6cc-7ff60860c6db 899->905 906 7ff60860c6e3-7ff60860c6ee call 7ff608604400 899->906 907 7ff60860c6ff-7ff60860c702 900->907 908 7ff60860c704-7ff60860c713 900->908 902->898 902->903 909 7ff60860c5e0-7ff60860c5e4 903->909 910 7ff60860c584 903->910 905->906 906->900 907->852 907->908 908->891 909->880 912 7ff60860c588-7ff60860c59f call 7ff608612b08 910->912 916 7ff60860c5d7-7ff60860c5dd GetLastError 912->916 917 7ff60860c5a1-7ff60860c5ad 912->917 916->909 918 7ff60860c5cc-7ff60860c5d3 917->918 919 7ff60860c5af-7ff60860c5c1 call 7ff608612b08 917->919 918->909 921 7ff60860c5d5 918->921 919->916 923 7ff60860c5c3-7ff60860c5ca 919->923 921->912 923->918
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF60860C41B), ref: 00007FF60860C54C
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF60860C41B), ref: 00007FF60860C5D7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                                • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                • Instruction ID: 3914baa74c10dc08d709bf65e875702cd1bd0a3e9c0868e828842897382383db
                                                                                                                                                                                • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                • Instruction Fuzzy Hash: 6791F322E3865185F761CF7594406BE2BA0BB04B88F355239FE4EA7695DF38D441EB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860E8DC Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                • Instruction ID: 021703318ca67b9b8c7368ab405e324aeb9c9e0f781d2a52e9a4c8c3cfec4428
                                                                                                                                                                                • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                • Instruction Fuzzy Hash: FC514972F286214AFB14CF7489416BD27A1BB44358F264A35FD1E93AE5DF3DA402DB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086047D4 Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2780335769-0
                                                                                                                                                                                • Opcode ID: 6d39917c2a5e172715dc0149da862f2fc663c363b49fcf3998972eea944cc0d9
                                                                                                                                                                                • Instruction ID: c35280864762ee46ff33d0023dad2c217709d8527f87b6b3d340dc8f3f51075a
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d39917c2a5e172715dc0149da862f2fc663c363b49fcf3998972eea944cc0d9
                                                                                                                                                                                • Instruction Fuzzy Hash: AC518322E296418AFB24DFB1D4403BE33A1AB4875CF264535EF0D9B699DF38D441AB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FB19C Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1452418845-0
                                                                                                                                                                                • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                • Instruction ID: 8e2fdf99a86e9435233f719f4b67b25bb97e833c1a5f7c8675abf9f09b20bb07
                                                                                                                                                                                • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                • Instruction Fuzzy Hash: B9318C11E9C103C1FE96EBB4D4553BE2391AF613A4FA54034E90ECB6D7DE2CA805924E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608604680 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279662727-0
                                                                                                                                                                                • Opcode ID: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                                                                                                                                                • Instruction ID: d997f9a9d01b4e5dd4744aa90bdbb9795b413966a7ff174275d91b14cddefa73
                                                                                                                                                                                • Opcode Fuzzy Hash: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                                                                                                                                                • Instruction Fuzzy Hash: F041B522D2878183E764DB71950037A6360FB957A8F219334F75C83AD6DF6CA5E09B0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FF39C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                                                                                                                                                • Instruction ID: 015717555191951efec87de1f8a35c60a1ad88dcfe86b88f9650eefb959d02ac
                                                                                                                                                                                • Opcode Fuzzy Hash: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                                                                                                                                                • Instruction Fuzzy Hash: 8F51F961B4924286EBAADE35940467A6291FF54BB8F344734DE6CC7BCBCF3CD4018608
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FB0B0 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3548387204-0
                                                                                                                                                                                • Opcode ID: 4011c0cc7ad8475efb9850599936c3c033b15381ca9ef591f27f0db506bfe258
                                                                                                                                                                                • Instruction ID: 99b8c6df8be903abe5e22d21d119480133f229ee7a87c79fc06c2105897ed4bc
                                                                                                                                                                                • Opcode Fuzzy Hash: 4011c0cc7ad8475efb9850599936c3c033b15381ca9ef591f27f0db506bfe258
                                                                                                                                                                                • Instruction Fuzzy Hash: 5711CE40E9820382FE96FBB088522FA11810F70360FB50434F90DC62C3EE5CB9459A2F
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A028 Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF608609EA5,?,?,00000000,00007FF608609F5A), ref: 00007FF60860A096
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF608609EA5,?,?,00000000,00007FF608609F5A), ref: 00007FF60860A0A0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1687624791-0
                                                                                                                                                                                • Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                                                                                                                                                • Instruction ID: ca64f16a23225db9b79ff343fb645459b71b9362912695f61e80e3c1f02576fa
                                                                                                                                                                                • Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                                                                                                                                                • Instruction Fuzzy Hash: 4421CF11B2C75241FE50D7B0E45427E1292AF94BE9F3A4235FA2EC77C2CE6CA445AB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608611B7C Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF608608082,?,?,00000000,00007FF608608576,?,?,?,?,00007FF608610524,?,?,00000000), ref: 00007FF608611B90
                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF608608082,?,?,00000000,00007FF608608576,?,?,?,?,00007FF608610524,?,?,00000000), ref: 00007FF608611BFA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnvironmentStrings$Free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3328510275-0
                                                                                                                                                                                • Opcode ID: c9abf3fb88e9e7683cd18dab2d1401d5d0104a974878565528d56d1604261888
                                                                                                                                                                                • Instruction ID: 94cbea91211843403fd357f73c81a45095384cb184559fde5f5e347145b98683
                                                                                                                                                                                • Opcode Fuzzy Hash: c9abf3fb88e9e7683cd18dab2d1401d5d0104a974878565528d56d1604261888
                                                                                                                                                                                • Instruction Fuzzy Hash: 0701A511F2976581EE10EB31B41102A7361AF55FE0B6D5630EF6D537D6DE2CE8429348
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860B604 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF60860B79D), ref: 00007FF60860B650
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF60860B79D), ref: 00007FF60860B65A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                • Instruction ID: ea97186f350ad6b8c08d4f02ffc6958dfd7bdcb523da6c17ab5226ade24c21ca
                                                                                                                                                                                • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F11BF62A28B9181DA10CB35F40416AA361EB45BF4F654331FABD8B7E9CF3CD0119B08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860497C Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF608604891), ref: 00007FF6086049AF
                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF608604891), ref: 00007FF6086049C5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1707611234-0
                                                                                                                                                                                • Opcode ID: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                                                                                                                                                • Instruction ID: e7734463d1094fe63ab17e0f84cf1591a1410e802ca08becd51c98f97ea85b52
                                                                                                                                                                                • Opcode Fuzzy Hash: 42d85f7bbfb38a33647f37402af2049ec243a38652db21839daf1665d9964160
                                                                                                                                                                                • Instruction Fuzzy Hash: 2C119171A2C65282EA64CB61A41103BB760EB85775F610235F79DC19E8EF2CD054EF0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608609E18 Relevance: 3.0, APIs: 2, Instructions: 19threadCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E2E
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E38
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 588628887-0
                                                                                                                                                                                • Opcode ID: 875bb2537aa3df01b4a1e34b7b101e94a2dc47b4cb64fa0c1180c15e07a79d81
                                                                                                                                                                                • Instruction ID: 9d7aa19e45977943fa8d031a2254763d62b6c92beaccd690c97bdfc36f8ee8b1
                                                                                                                                                                                • Opcode Fuzzy Hash: 875bb2537aa3df01b4a1e34b7b101e94a2dc47b4cb64fa0c1180c15e07a79d81
                                                                                                                                                                                • Instruction Fuzzy Hash: 1CE08650F2920282FF28DBF2684513612615F84B85F265034EA0DC6253DE2CAC55AA4C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860B37C Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                                                                                                                                                • Instruction ID: 06ba402f885750e629b71e05839bba45287b20c1c9b85c62ed67f445dd81b0c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                                                                                                                                                • Instruction Fuzzy Hash: 0141C33292860183EA38CA35E54027A77A1EB95B61F314131E68EC77D5CF2CE502EF5D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7200 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _fread_nolock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 840049012-0
                                                                                                                                                                                • Opcode ID: 7565fb096b254b385f23bb216aa3176f8fe77f3b5ce837117806d0bae9b96eab
                                                                                                                                                                                • Instruction ID: abbd213a9186f9ef5b7b60e061731b2be9e93e6d28661cf4ea701cf06b7c4e3d
                                                                                                                                                                                • Opcode Fuzzy Hash: 7565fb096b254b385f23bb216aa3176f8fe77f3b5ce837117806d0bae9b96eab
                                                                                                                                                                                • Instruction Fuzzy Hash: 4221D621B4929155FEA2DB3265043FAA681BF59BC8FA94430EE0D87787CF7DE101C608
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860AE0C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: 47f2cb7360056a46563935c31beadd7a45ae652dec1b657f4a22353b163fa2db
                                                                                                                                                                                • Instruction ID: ad84810ccc2586f803a4d2336b71b0f025f9d737f3aae26b277a55a0ff7ef0ad
                                                                                                                                                                                • Opcode Fuzzy Hash: 47f2cb7360056a46563935c31beadd7a45ae652dec1b657f4a22353b163fa2db
                                                                                                                                                                                • Instruction Fuzzy Hash: 31319E21A3876281E711DBB5D80037E2690EB80B96F620135FA1D873D3CF7CA841AB1D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086054C8 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                • Instruction ID: f2e269ff24905d50b2e37935f1fe9938352448b2fe1b617fa605ff90d1d75dd3
                                                                                                                                                                                • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                • Instruction Fuzzy Hash: AF119621A2C64181EA60DF6194042BFA2A0FF84B84F664431FB4DEBB96CF7CD400AF0D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60861575C Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                                                                                                                                                • Instruction ID: 1b532bab95069edac2c42bd3947ecf0bb43aa49073b7b4fb900b92a939bf3463
                                                                                                                                                                                • Opcode Fuzzy Hash: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E215332A2864187DB61CF28E445369B6A0EBD4B94F294235F75E876D6DF3CD4009B08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FF61C Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                                                                                                                                                • Instruction ID: a9456f7bbfd135c1fc92845539af5a977d5296db0a0842423a68007cd1586e98
                                                                                                                                                                                • Opcode Fuzzy Hash: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                                                                                                                                                • Instruction Fuzzy Hash: 6D010422B4874241EA51DB72990106AB691FF91FE4F688630EE6C87BE7CE3CD401870C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860DD40 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF60860A8B6,?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E), ref: 00007FF60860DD95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                • Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                                                                                                                                                • Instruction ID: 64e24347fec1e45234a93b8dbb6f3b604aeaac10f9a041ab77b2c4a3470e305e
                                                                                                                                                                                • Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                                                                                                                                                • Instruction Fuzzy Hash: A7F06D54B3920A41FE95EBF699113B602805F88B80F2E9730E90EC63C2ED1CE480AB1C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860CACC Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,?,?,00007FF6085FFE44,?,?,?,00007FF608601356,?,?,?,?,?,00007FF608602949), ref: 00007FF60860CB0A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                • Opcode ID: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                                                                                                                                                • Instruction ID: 08c52eac9b23059a4b8a5fd24f979cf1c4849e5b2f98d02c14f4b5e26557d76d
                                                                                                                                                                                • Opcode Fuzzy Hash: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                                                                                                                                                • Instruction Fuzzy Hash: 42F05800B3D24245FE24DAB1581167711814F887A0F6A0730FD2ED62C2EE2CE880AA1C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 00007FF6085F3DF0 Relevance: 291.0, APIs: 55, Strings: 111, Instructions: 457libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc
                                                                                                                                                                                • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                • API String ID: 190572456-3109299426
                                                                                                                                                                                • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                • Instruction ID: 0fc9cf13d9ecdc6eb82b35813161e3c7e6a07ce7b6b18cb63b19c03b703e851f
                                                                                                                                                                                • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                • Instruction Fuzzy Hash: 0E420C64A6EF0790FE86DB34E8401B42361AF18795FBA5131E90D86366FF7CA558E308
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1B90 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 188windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                • API String ID: 2446303242-1601438679
                                                                                                                                                                                • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                • Instruction ID: 0094441d0e61b526b175255470181fd204f10e98dc550e1b08635db8f20cad3b
                                                                                                                                                                                • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                • Instruction Fuzzy Hash: 2FA18A32219B9187EB14CF61E58479AB370F788B95F60412AEB8D83B25CF3DE165CB44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086131CC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                • API String ID: 808467561-2761157908
                                                                                                                                                                                • Opcode ID: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                                                                                                                                                • Instruction ID: 774af0b8bdb680a63cba7cd78086e54112e6ff5bafe7baf6695139af9e67a65f
                                                                                                                                                                                • Opcode Fuzzy Hash: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                                                                                                                                                • Instruction Fuzzy Hash: 85B2F772A282828BEB65CF34D5407FD37A1FB54344F695135EA0E97B86DF3CA9009B48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F74B0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00007FF6085F26A0), ref: 00007FF6085F74D7
                                                                                                                                                                                • FormatMessageW.KERNEL32(00000000,00007FF6085F26A0), ref: 00007FF6085F7506
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 00007FF6085F755C
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                • API String ID: 2920928814-2573406579
                                                                                                                                                                                • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                • Instruction ID: b78a422c186a0a6d0808c4859a6e8885a75049ba2460705f08ea72a8b3446a54
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                • Instruction Fuzzy Hash: EC216571B68A4282EB61DF31F84427A7361FF58385FA80035E54DC26A6EF7CE505D708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FB69C Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                                                                • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                • Instruction ID: 2d7dcdc9a7a9cd267ec232a58db3bc1dc9526f5f77ed2ef46b38e58a8fb3b243
                                                                                                                                                                                • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                • Instruction Fuzzy Hash: A9316E72619A8186EBA1CFB0E8803ED7360FB94754F544439DA4D87B99DF3CC548C704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608609AE4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                                • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                • Instruction ID: 734d3bd2048168b24acc606fd27fb8bcfe05f0f7cd3041637ae3ec4934c787b0
                                                                                                                                                                                • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                • Instruction Fuzzy Hash: B8317132618B8186DB60CF75E8403AE73A5FB89764F650135EA8D83B9ADF3CC545CB04
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086109B4 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2227656907-0
                                                                                                                                                                                • Opcode ID: 1a8060551746b007c23963201f19a9fa9ddec40a19b74045b76b4ab8f762ca91
                                                                                                                                                                                • Instruction ID: 7366ec89cd8406478fab083bc95ab2480a41ed247062c92bea136b2994fdf8e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a8060551746b007c23963201f19a9fa9ddec40a19b74045b76b4ab8f762ca91
                                                                                                                                                                                • Instruction Fuzzy Hash: A3B1D622B39A9641EE60DB31D4002BA6391EF44BE4F694131FE4D87BC6DE3CE481D709
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608612D30 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memcpy_s
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1502251526-0
                                                                                                                                                                                • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                • Instruction ID: ae4146069fbbcdfe7bb3c88343c2bf007df79842acbca39b5ec9cea08f5df568
                                                                                                                                                                                • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                • Instruction Fuzzy Hash: E5C11672B2828687EB24CF25E14466AB7A1F784B84F5A8134EB4E87745DF3DE800CB44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608618B68 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 15204871-0
                                                                                                                                                                                • Opcode ID: 34bf4ba4d1f77b159a602f4f3a79dc58b46c4397abc6f90fe1b78d3c276b8e03
                                                                                                                                                                                • Instruction ID: 8f5a7b08e7a6a9487b74cda4121d59f533449cf4760b89ce9d000522a960d335
                                                                                                                                                                                • Opcode Fuzzy Hash: 34bf4ba4d1f77b159a602f4f3a79dc58b46c4397abc6f90fe1b78d3c276b8e03
                                                                                                                                                                                • Instruction Fuzzy Hash: 44B15D73A14B898BEB15CF39C8463687BA0F784B48F2A8931EA5D837A5CF39D451D704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7820 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                • Opcode ID: b154a429360a9d8fc422caeeb97d2d39407f5ca637504bf6a4efef03296319f0
                                                                                                                                                                                • Instruction ID: 11646f690930b3431e60229151a1a5220b1aefc76f468aa6be50da7da7a00710
                                                                                                                                                                                • Opcode Fuzzy Hash: b154a429360a9d8fc422caeeb97d2d39407f5ca637504bf6a4efef03296319f0
                                                                                                                                                                                • Instruction Fuzzy Hash: 78F0A432A2978186E7A1CF70F4457667390BF54778F140735EA6D426D5DF3CD009DA04
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608602C04 Relevance: 2.8, Strings: 2, Instructions: 350COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $
                                                                                                                                                                                • API String ID: 0-227171996
                                                                                                                                                                                • Opcode ID: 2d8c388a4af4e59f7aa018185c24a80b808f927c20487c79df8fa8b9671cd73b
                                                                                                                                                                                • Instruction ID: dae5649dfe985b646e7582aaa59f5da11dc916e1d7dc37da14064d66490c59d9
                                                                                                                                                                                • Opcode Fuzzy Hash: 2d8c388a4af4e59f7aa018185c24a80b808f927c20487c79df8fa8b9671cd73b
                                                                                                                                                                                • Instruction Fuzzy Hash: 8EE1B67292864682EB69CE35816413B33A0FF44B88F364135EA4E877D4DF39E841EB4C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860D098 Relevance: 2.6, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: e+000$gfff
                                                                                                                                                                                • API String ID: 0-3030954782
                                                                                                                                                                                • Opcode ID: e8ad3313ac50deca76865dcff50c63e8317fb702a62c77948e89599ff08dba86
                                                                                                                                                                                • Instruction ID: 1695bbef8d7c38d1ed993056cd95e6bbe997154e5987e98680ffac2c07a8d5b6
                                                                                                                                                                                • Opcode Fuzzy Hash: e8ad3313ac50deca76865dcff50c63e8317fb702a62c77948e89599ff08dba86
                                                                                                                                                                                • Instruction Fuzzy Hash: D6518922B283C586E724CE75D80176ABB91E744B94F198371EBA887BC6CE3DD440CB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860FA08 Relevance: 2.0, APIs: 1, Instructions: 461COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1010374628-0
                                                                                                                                                                                • Opcode ID: 04d9243f6b9625233bc016496bd2fdd1fb5932fa142bb1ac96e4e6f166bb5390
                                                                                                                                                                                • Instruction ID: f567145969ce6d6d881103835496cdc6044ad318b8e546bb7e05ba3994fc2273
                                                                                                                                                                                • Opcode Fuzzy Hash: 04d9243f6b9625233bc016496bd2fdd1fb5932fa142bb1ac96e4e6f166bb5390
                                                                                                                                                                                • Instruction Fuzzy Hash: B0029E22A3D64681FE65EB31A40127B2681AF45B90F7B4635FD5DC73D2DE3CA811AB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860CC04 Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: gfffffff
                                                                                                                                                                                • API String ID: 0-1523873471
                                                                                                                                                                                • Opcode ID: 24567b7b7ad9cc25883cfe86a0af8cdb31fb8148e1153fa934f37376d4be2ae6
                                                                                                                                                                                • Instruction ID: 117230d17699691f1ee987f29e2d9c3e08c520fdce1c911445feac4f2cc7e174
                                                                                                                                                                                • Opcode Fuzzy Hash: 24567b7b7ad9cc25883cfe86a0af8cdb31fb8148e1153fa934f37376d4be2ae6
                                                                                                                                                                                • Instruction Fuzzy Hash: 7BA15962B187C546EB21CB39A0007AA7B90EB51BC4F268231EE4D877D5DE3DD405EB09
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608606F98 Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID: TMP
                                                                                                                                                                                • API String ID: 3215553584-3125297090
                                                                                                                                                                                • Opcode ID: 4c247519fec7f2e45a3b3aff1f89ae521a273667efd57766d02954a47e18fb02
                                                                                                                                                                                • Instruction ID: a52880ab7921da4e54f89050fed2eea9d009c1951c3038c106e3eec2c58523d5
                                                                                                                                                                                • Opcode Fuzzy Hash: 4c247519fec7f2e45a3b3aff1f89ae521a273667efd57766d02954a47e18fb02
                                                                                                                                                                                • Instruction Fuzzy Hash: 9551CE11F2864241FA64EB32590157B5291AF85BC4F3A4134FE0EC77D2EE3EF452AA4C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086125A0 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                • Opcode ID: 6aaf01db4fcd6d8e5e92a2165bcca8bef3bc9097c29bcaeff3790f5a52787e5b
                                                                                                                                                                                • Instruction ID: 75145c3cfe8af86b736a35e44ae01ab3088635e82a63ce832fd2555a0ce89e62
                                                                                                                                                                                • Opcode Fuzzy Hash: 6aaf01db4fcd6d8e5e92a2165bcca8bef3bc9097c29bcaeff3790f5a52787e5b
                                                                                                                                                                                • Instruction Fuzzy Hash: 68B09220E27A02D2EE09AB716C8321423A47F48701FAA0038D50C90321DF2C64BA7704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608602800 Relevance: .3, Instructions: 327COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 720b0f885fc535c3a242e303a59ba9c626026de2633fd245c18c7096fc28f432
                                                                                                                                                                                • Instruction ID: 8ffb814156a76ccb4988efdf0c3081d50ea4a3515668feb005783935dd6498cb
                                                                                                                                                                                • Opcode Fuzzy Hash: 720b0f885fc535c3a242e303a59ba9c626026de2633fd245c18c7096fc28f432
                                                                                                                                                                                • Instruction Fuzzy Hash: F6D1F922A2860285EB6ACE35856827F23A1FF05B48F360135EE0D87795DF3DD845EB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F80A0 Relevance: .3, Instructions: 287COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 25b4879d951165098d7d9ad8dfdbe188c5f26750c92d05a39af3c572e9b4c9ce
                                                                                                                                                                                • Instruction ID: 03b0c16789541d29329cff131e729998c676e90272b9066a166754f327e4c246
                                                                                                                                                                                • Opcode Fuzzy Hash: 25b4879d951165098d7d9ad8dfdbe188c5f26750c92d05a39af3c572e9b4c9ce
                                                                                                                                                                                • Instruction Fuzzy Hash: B5C193722141E08BE2C9EB29E46987E7391F79934DBD4403BEB8747B8ACB3CA414D750
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608601E70 Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3511ad376341763adbf03eaa1481790c1cd7a3e825f7d6c297581565e8b6740f
                                                                                                                                                                                • Instruction ID: 603a18c341a840ba9d351691dfbdc9e2043c047cd188714c92812d7a79bca5c9
                                                                                                                                                                                • Opcode Fuzzy Hash: 3511ad376341763adbf03eaa1481790c1cd7a3e825f7d6c297581565e8b6740f
                                                                                                                                                                                • Instruction Fuzzy Hash: 12B16B7292874585E766CF39C06822E3BA0EB46B48F364176EB4E87395CF29D441EB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860D718 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b482d32cf4439f597672c93949c919f143e2d798b80af63496daf47fa9f459cc
                                                                                                                                                                                • Instruction ID: 0ba70c24ca342fabb6bb71d9a1d001b51fbc87cbe796b4f426ca8a08f3f66e14
                                                                                                                                                                                • Opcode Fuzzy Hash: b482d32cf4439f597672c93949c919f143e2d798b80af63496daf47fa9f459cc
                                                                                                                                                                                • Instruction Fuzzy Hash: 1181D472A2878185EB74CBA9944037BBA90FB45794F254335EB9D87B99DF3CD400AF08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608615820 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: 43964b9baea6600a933ee8e1a049a499104490ec7162e6d0a4f8078b6de4c171
                                                                                                                                                                                • Instruction ID: 1aad33f7ba40cb3550a8bce736ac5a593cf673506b7b66ecb68c1e6a894f6857
                                                                                                                                                                                • Opcode Fuzzy Hash: 43964b9baea6600a933ee8e1a049a499104490ec7162e6d0a4f8078b6de4c171
                                                                                                                                                                                • Instruction Fuzzy Hash: F161EB22E6829246FF64C9398458379A681BFC0370F3E4635F62FC66D7DE6DD840A709
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608600BA4 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c32b4ddfd43473a216dec7aa9a0be5b617892f75f4149cffacdc7470c95e978f
                                                                                                                                                                                • Instruction ID: ac364366020219229478a08ad0ba0dfcf84913b09cce1d470b9857b062b9ba33
                                                                                                                                                                                • Opcode Fuzzy Hash: c32b4ddfd43473a216dec7aa9a0be5b617892f75f4149cffacdc7470c95e978f
                                                                                                                                                                                • Instruction Fuzzy Hash: 3F518176A28A5586E724CB39D04033A37A0EB44B58F355131EE4D877D5CF3AE842DB4A
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086013C4 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 867914ff4df0b6b44d704adc42bbe88cde9096fdc707783f05752eff833c7ffe
                                                                                                                                                                                • Instruction ID: 16908e8dd4e5268d1855543768f357949e104c4519a9c0cdb093705c13df59ae
                                                                                                                                                                                • Opcode Fuzzy Hash: 867914ff4df0b6b44d704adc42bbe88cde9096fdc707783f05752eff833c7ffe
                                                                                                                                                                                • Instruction Fuzzy Hash: CD518676A24651C2E725CB39D04023A37A0EB46B58F354131EE8D8B7A5CF3AE842DB4C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608600FB4 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d861661aa08db629cc23cdca8c369b076586a2e450c00db1ba5d57a294e44a4f
                                                                                                                                                                                • Instruction ID: 93e39d5a2a50ef1ecb3b8188e672866042fd7460611cfbf197af083984fb6ac5
                                                                                                                                                                                • Opcode Fuzzy Hash: d861661aa08db629cc23cdca8c369b076586a2e450c00db1ba5d57a294e44a4f
                                                                                                                                                                                • Instruction Fuzzy Hash: 48518376A3865182E724CB39C04023A37A0FB46B68F354131EE8D87795CF7AE843DB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086009A0 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 876697f8e8f5cbbdb44752562e3cb115d809b93d1bac5633a342ac63b65505f1
                                                                                                                                                                                • Instruction ID: 8a3a5d79974333f08ca2e432f68bba31c370ef8bb2e55da4259c2ff596411bc6
                                                                                                                                                                                • Opcode Fuzzy Hash: 876697f8e8f5cbbdb44752562e3cb115d809b93d1bac5633a342ac63b65505f1
                                                                                                                                                                                • Instruction Fuzzy Hash: BF51A336A28A5586E724CB39C04037E37A1EB44B58F364131EE4C97796DF3AE842DF49
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086011C0 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6b4a4146db3bd1fe649265067838c8b0d7c1a5e97031d62dd0eb31e0fdd0228e
                                                                                                                                                                                • Instruction ID: 796d4d779745455f1aa7c29dd8390efa08c35d4ef7d37a2fe158910717cc0554
                                                                                                                                                                                • Opcode Fuzzy Hash: 6b4a4146db3bd1fe649265067838c8b0d7c1a5e97031d62dd0eb31e0fdd0228e
                                                                                                                                                                                • Instruction Fuzzy Hash: 40519336A2865185E724CB39C04123E37A1EB46B58F364131EE4C97798DF3AEC83DB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608600DB0 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1de1d42fcd570761cca71ddda72003ed022ec41b6526507f8e47f89f031e3167
                                                                                                                                                                                • Instruction ID: d2e925a5f5e142b7d73089f04b1549638f004a6ce1667bbc4699f54f8d55d98f
                                                                                                                                                                                • Opcode Fuzzy Hash: 1de1d42fcd570761cca71ddda72003ed022ec41b6526507f8e47f89f031e3167
                                                                                                                                                                                • Instruction Fuzzy Hash: 7351A136A28A5186E764CB39D04033A37A0EB45B58F364131EE4C97795CF3AEC52EB49
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608604F50 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                • Instruction ID: 54cd3030fa081fe7383506c759b8b9d63d1144df5b74b8bd414ffa1275adb7eb
                                                                                                                                                                                • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                • Instruction Fuzzy Hash: 95410852C2D64E84F961C93845087BE2680AF727A4D7A52B0FD9BE33C3DD1C2986ED4C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608608BA0 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 588628887-0
                                                                                                                                                                                • Opcode ID: d52a693ca64156346f3ce50e8e1564a69fccf06189b002bdd4e7495fde204544
                                                                                                                                                                                • Instruction ID: a6147b5452a3c6053cf49f0e1416fa46468c2276a2b630383cdd7d33ce857385
                                                                                                                                                                                • Opcode Fuzzy Hash: d52a693ca64156346f3ce50e8e1564a69fccf06189b002bdd4e7495fde204544
                                                                                                                                                                                • Instruction Fuzzy Hash: 38411672B24A5882EF44CF3AD95456A73A1BB48FD4F5A9032EE0DC7B64DE3CC4429708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608606560 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 661748548992a33f3a500b93372cab8c74f62ef7f3472380e8fefb9c58a103fd
                                                                                                                                                                                • Instruction ID: e4a9be05fc6aa865967cbc09239356d83039a0262b50e6dd61d833a0054e0b6c
                                                                                                                                                                                • Opcode Fuzzy Hash: 661748548992a33f3a500b93372cab8c74f62ef7f3472380e8fefb9c58a103fd
                                                                                                                                                                                • Instruction Fuzzy Hash: F9319332B28B4242E665DF35A44012B6695AF84B90F254238FA8E93BD6DF3CD0129A0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086189B0 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b98f8205f4dd5ad0f3b4c63852b6076f32f3a1b530b1ff8e23dc59df104b107b
                                                                                                                                                                                • Instruction ID: 8e1e76230cf77152c8d41dc0be4fd79a19acb8b91cd79203d9d984eeb465239a
                                                                                                                                                                                • Opcode Fuzzy Hash: b98f8205f4dd5ad0f3b4c63852b6076f32f3a1b530b1ff8e23dc59df104b107b
                                                                                                                                                                                • Instruction Fuzzy Hash: 2CF06871B286658BFB98CF79A80262977D0F7083C0F509039F58DC3B04DA3C98619F08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FB880 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 03ec394501486fefa8e68c4fc5f22486c81951ca79d36a27091b1f9b4683aa64
                                                                                                                                                                                • Instruction ID: 7f20a39953a160f5dc18c33ffbaadcdc5d38db1dfdb77d1bfd8557198bc5eeae
                                                                                                                                                                                • Opcode Fuzzy Hash: 03ec394501486fefa8e68c4fc5f22486c81951ca79d36a27091b1f9b4683aa64
                                                                                                                                                                                • Instruction Fuzzy Hash: 5AA0022195DC16D0EE86DB60E8550306371FBA0711B650031E80DC10A29F3CE440E309
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F55D0 Relevance: 166.5, APIs: 31, Strings: 64, Instructions: 287libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                • API String ID: 2238633743-1453502826
                                                                                                                                                                                • Opcode ID: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                                                                                                                                                • Instruction ID: d40631a09e23d4d5bfdd39b3926e8aab2a9e6a8b088eafc8853d89db64e4dffc
                                                                                                                                                                                • Opcode Fuzzy Hash: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                                                                                                                                                • Instruction Fuzzy Hash: B0E12264AADF1385FE86CB74A85007823A5AF14782FB95135E44D863A6FF7CF548B308
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2030 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                • String ID: P%
                                                                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                                                                • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                • Instruction ID: 469a5111ce7bce764d5b7d8773c9e09269bd69c6788f0630fc8c20a666ca3aaa
                                                                                                                                                                                • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A511826618BA186DA34DF32E4181BAB7A1FB98B66F004121EFCF83685DF3CD045DB14
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608600228 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                                                                • API String ID: 3215553584-1325933183
                                                                                                                                                                                • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                • Instruction ID: 1b2e33b6d772936f5b98770d139f041584167a12f10c36fa2dca58ff7d2d8c80
                                                                                                                                                                                • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                • Instruction Fuzzy Hash: 2C12C661E2C94386FB24DA34E05477B7292FB80750FA54035F6998A6C4DF3CE980AF4E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F12B0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 106COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                • API String ID: 2030045667-3659356012
                                                                                                                                                                                • Opcode ID: 44be890017858426c06e3a431533ca429609ac2673187faf0580b8e89f8ad970
                                                                                                                                                                                • Instruction ID: ba0a635dd327d8225eef5192e4e2e100840870fc2e304edf39fc82b04f874bfd
                                                                                                                                                                                • Opcode Fuzzy Hash: 44be890017858426c06e3a431533ca429609ac2673187faf0580b8e89f8ad970
                                                                                                                                                                                • Instruction Fuzzy Hash: D841B361B99A42C1EE56DB31E4002BA73A0FF64794F654431DE4D87B46EE3CE542D708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FDC30 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                                                                • Opcode ID: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                                                                                                                                                • Instruction ID: 0cea1a786cf1fc84a447c306f9712dd7b2e75c41059ebba556d3b4f40df2f8d0
                                                                                                                                                                                • Opcode Fuzzy Hash: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                                                                                                                                                • Instruction Fuzzy Hash: 27E1A072A487458AEBA1DF35D4412AD7BB4FB64798F200535EE8D87B9ACF38E580C704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860DDB8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,00000000,?,00007FF60860E152,?,?,0000025C75516A08,00007FF60860A223,?,?,?,00007FF60860A11A,?,?,?,00007FF608605472), ref: 00007FF60860DF34
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000,?,00007FF60860E152,?,?,0000025C75516A08,00007FF60860A223,?,?,?,00007FF60860A11A,?,?,?,00007FF608605472), ref: 00007FF60860DF40
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                                                                                • Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                • Instruction ID: ea1c6078d1c0c3d35cbac94f93dff1db207aa7528d9eec9e9c6e916cb1aae6b4
                                                                                                                                                                                • Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                • Instruction Fuzzy Hash: E0412821B3AA1241FA56CB72A8005762392BF54BA0F6A4335ED0DC7795EF3CE845E70C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7600 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 103COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F769F
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F76EF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                • API String ID: 626452242-27947307
                                                                                                                                                                                • Opcode ID: 2aaccfe3370f25a3dd16e726b297608570a69e4cd66187ba5598d1d45a3b0ced
                                                                                                                                                                                • Instruction ID: fab08154c17353650a542dabf05a6be640387d6bbe5cb9353c677a049eb331de
                                                                                                                                                                                • Opcode Fuzzy Hash: 2aaccfe3370f25a3dd16e726b297608570a69e4cd66187ba5598d1d45a3b0ced
                                                                                                                                                                                • Instruction Fuzzy Hash: 5441F432A1EBC281EA61CF21F44016AB7A4FB98790F684034EE8D83B96DF3CD055D708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7B40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF6085F3699), ref: 00007FF6085F7B81
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF6085F3699), ref: 00007FF6085F7BF5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                • API String ID: 3723044601-27947307
                                                                                                                                                                                • Opcode ID: bd1dbe9bdc4e325520a389bb739d5baca1f56465b0b7a014c0b5d934fc12bc42
                                                                                                                                                                                • Instruction ID: ef9ad1c160a68e09faee81800b303181f9138ad0541f053d4219a86095e4832b
                                                                                                                                                                                • Opcode Fuzzy Hash: bd1dbe9bdc4e325520a389bb739d5baca1f56465b0b7a014c0b5d934fc12bc42
                                                                                                                                                                                • Instruction Fuzzy Hash: 8521BC71A58B8285EB51DF32E84007977A1EB98B84F684135EA4DC3796EFBCE541D308
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608609264 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID: f$p$p
                                                                                                                                                                                • API String ID: 3215553584-1995029353
                                                                                                                                                                                • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                • Instruction ID: 3538662d8efceafea380d9b53abef6413658760ec357671a7437a22d324cffc9
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                • Instruction Fuzzy Hash: EC12B462E2C14346FB24DB75D05467B7A93EB80754FAA4035F689866C6DF3CE480AF1C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7C30 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 98COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                • API String ID: 626452242-876015163
                                                                                                                                                                                • Opcode ID: 004115aedb211b95c9e8defd2268a4a6b82d29107b6468b4658149a0f76882de
                                                                                                                                                                                • Instruction ID: ed0d1ade4291c6b9a416d8154918d3e182b968d68f2bb771b9a4b410b58453b3
                                                                                                                                                                                • Opcode Fuzzy Hash: 004115aedb211b95c9e8defd2268a4a6b82d29107b6468b4658149a0f76882de
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B41C332A18B8282EA61CF35B44017A67A5FB58790F794135EB4DC7BA6EF3CD412D708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F6480 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 88COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FF6085F7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7A6A
                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6085F67CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6085F64DF
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2770: MessageBoxW.USER32 ref: 00007FF6085F2841
                                                                                                                                                                                Strings
                                                                                                                                                                                • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6085F64F3
                                                                                                                                                                                • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6085F653A
                                                                                                                                                                                • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6085F64B6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                • API String ID: 1662231829-3498232454
                                                                                                                                                                                • Opcode ID: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                                                                                                                                                • Instruction ID: bd30f1caa939ab1c5e383f0e4f5838563c5efed7d21bd47eb1682810654a2d3a
                                                                                                                                                                                • Opcode Fuzzy Hash: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                                                                                                                                                • Instruction Fuzzy Hash: 3031C851B6D78240FEA2E731E5553BA5291AFB87C1FA40431DA4ED27DBEE2CE5088708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FCEE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCF6D
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCF7B
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCFA5
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCFEB
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCFF7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                • Instruction ID: 6fafeb667fc9645307eb1ddec85689804581f6b95445bdca2c49d1d4c51adf61
                                                                                                                                                                                • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                • Instruction Fuzzy Hash: DB310721B5EA5291FE93DB22A80057563D8FF58BA0F694535ED1D87382EF3CE4458708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7A30 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 68COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7A6A
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7AF0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                • API String ID: 3723044601-876015163
                                                                                                                                                                                • Opcode ID: 4acbd98045038fd4d2c1bd21845f03b7508581de0be994fe0935300e8d9fa1b9
                                                                                                                                                                                • Instruction ID: c75601a9f19b37ef5055f890714bf15cea6029891e56852f64d7d4dff31199e9
                                                                                                                                                                                • Opcode Fuzzy Hash: 4acbd98045038fd4d2c1bd21845f03b7508581de0be994fe0935300e8d9fa1b9
                                                                                                                                                                                • Instruction Fuzzy Hash: 19218622B18A8281EF51CB39F40007AA361FF987D4F694531EB4CC3BAAEF6CD5418708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A620 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A62F
                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A644
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A665
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A692
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A6A3
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A6B4
                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A6CF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                • Opcode ID: e53f9a3808410a1863c1ef2783f3485e656d0f38709608aa6df1612cc06d1a2d
                                                                                                                                                                                • Instruction ID: cf84b062b2baf05f4a8ebf5239dadc0fe5d37e9f5b26815b503c06f2a2843be8
                                                                                                                                                                                • Opcode Fuzzy Hash: e53f9a3808410a1863c1ef2783f3485e656d0f38709608aa6df1612cc06d1a2d
                                                                                                                                                                                • Instruction Fuzzy Hash: 77214C20E3C72242FA58E7B1565657B62525F44BF1F360B74F83E87AD6DE2CA8006A4C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60861706C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                • Opcode ID: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                                                                                                                                                • Instruction ID: f1818fbfbf323a82460a9b6a5b487097809ce1fa28881d5884e401b4de68336b
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                                                                                                                                                • Instruction Fuzzy Hash: 43119621728A5186E750DB62E855325B2A1FB48FE5F690234FD5DC7795CF3CD8048748
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A798 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A7A7
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A7DD
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A80A
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A81B
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A82C
                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A847
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                • Opcode ID: 26096caa631d402a253fbee1aabd66e5c698970658d3e692cace22327da93207
                                                                                                                                                                                • Instruction ID: ce17395cb8733c608c37bd56f5d5612830009f037137a654a0307694d0646bdd
                                                                                                                                                                                • Opcode Fuzzy Hash: 26096caa631d402a253fbee1aabd66e5c698970658d3e692cace22327da93207
                                                                                                                                                                                • Instruction Fuzzy Hash: AF116F20E2C76242F954D7B1654607F51525F44BF1F364774F93E87AD6DE2CA801BA0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FC8A8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                • String ID: csm$f
                                                                                                                                                                                • API String ID: 2395640692-629598281
                                                                                                                                                                                • Opcode ID: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                                                                                                                                                • Instruction ID: ac216b1f0aa7e75a637b297b6ff08200638f6760edf104ece81e54b24f513f08
                                                                                                                                                                                • Opcode Fuzzy Hash: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                                                                                                                                                • Instruction Fuzzy Hash: 8E51D732B5962686D796DF35D404A393796FB64B88F218530DE4A8774ADF38FC41C708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2240 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                                                                • Opcode ID: 01a0bb9e98a22bc39d92f1d9306349b6b95e7735addeeef39cbdf51254e5f23a
                                                                                                                                                                                • Instruction ID: 9f1dcd61890613e4c5e3848cad22dae1ae820f557310724eee617ae07ed545b6
                                                                                                                                                                                • Opcode Fuzzy Hash: 01a0bb9e98a22bc39d92f1d9306349b6b95e7735addeeef39cbdf51254e5f23a
                                                                                                                                                                                • Instruction Fuzzy Hash: 56317372A19A8285EB21DF71E8551EA6360FF48788F540135FA4ECBB56DF3CD145CB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2620 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F74B0: GetLastError.KERNEL32(00000000,00007FF6085F26A0), ref: 00007FF6085F74D7
                                                                                                                                                                                  • Part of subcall function 00007FF6085F74B0: FormatMessageW.KERNEL32(00000000,00007FF6085F26A0), ref: 00007FF6085F7506
                                                                                                                                                                                  • Part of subcall function 00007FF6085F7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7A6A
                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                • MessageBoxA.USER32 ref: 00007FF6085F2748
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                • API String ID: 2806210788-2410924014
                                                                                                                                                                                • Opcode ID: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                                                                                                                                                • Instruction ID: 191f6a34fb97996ac007f1b1dae93f0b9567896ce0d7f1939ebfb564a84581a2
                                                                                                                                                                                • Opcode Fuzzy Hash: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                                                                                                                                                • Instruction Fuzzy Hash: C131A472629AC281EB71DB60E4507EA6365FF94788F504036E68D83A9ADF3CD305CB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086088E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                • Opcode ID: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                                                                                                                                                • Instruction ID: 6ac510672483662bf716126ea21b81974c17b63d273b18b2bd4916c489fe4668
                                                                                                                                                                                • Opcode Fuzzy Hash: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                                                                                                                                                • Instruction Fuzzy Hash: 9AF0C261B2AA0281EF10CB74E84533A6320AF857A2F690335E96D862F0CF2CD448E708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086187A4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                • Instruction ID: f3147b06cbd7a4f40bd509174ba60f693b95e7054d30c20edacd28b0d9bfe8a1
                                                                                                                                                                                • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                • Instruction Fuzzy Hash: 1511BF22E38A0701FE94E535E44137914426F583A4F3E0230FA7E8B6D7CE2CAC41A249
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A860 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A87F
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A89E
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A8C6
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A8D7
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A8E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                • Opcode ID: cdf61458b760d7ddaaf607c46c93bce79fb7550c08439d36ce2b00083972c9c2
                                                                                                                                                                                • Instruction ID: 1af60167f90610db72d7ba773c0bccd8abd50119ecf70c4d797866bda9cb47f0
                                                                                                                                                                                • Opcode Fuzzy Hash: cdf61458b760d7ddaaf607c46c93bce79fb7550c08439d36ce2b00083972c9c2
                                                                                                                                                                                • Instruction Fuzzy Hash: 9C117F20F2C76601FA58D3B5654217B51415F447E1F364774F83DCA6C6DE2CA802AA0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A6F4 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A705
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A724
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A74C
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A75D
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A76E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                • Opcode ID: abc4588a7e8f9684bbd4571b792111094c26aa3ad506f269400aeaeb7f669891
                                                                                                                                                                                • Instruction ID: c0da317b464d2bf31bd6fb28a4a0259d3e45b92df4241dcbd3210f0d2730a524
                                                                                                                                                                                • Opcode Fuzzy Hash: abc4588a7e8f9684bbd4571b792111094c26aa3ad506f269400aeaeb7f669891
                                                                                                                                                                                • Instruction Fuzzy Hash: 70115A28E2C31701F998E3B1481607B12924F457B2F368B74FA3ECA2C3DD2CB8016A5D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860F198 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                                                                • Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                                                                                                                                                • Instruction ID: cb94b703d2bc715ec516e6f6530ecd5331e872b7f57d67b338c772aad6a48f1d
                                                                                                                                                                                • Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                                                                                                                                                • Instruction Fuzzy Hash: 3D818F32E2C20285E778CE35815127A36A0AB51B98F778031FA49D72D6DF2DE901AB4D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FE108 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                                                                • Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                                                                                                                                                • Instruction ID: f96cfa5542c7ab2cb09c6ab161a7c261645280fbf61227015baaa3a7486acd26
                                                                                                                                                                                • Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D616A32A08B458AEB61CF75D4817AD77A0FB54B88F244225EF4D97BAADF38E045C704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FE464 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                                                                • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                • Instruction ID: 1d4b9b9da787d5bbe2905728735de5ca3478a877f65e2cbc23bd005360657ece
                                                                                                                                                                                • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                • Instruction Fuzzy Hash: 8451A37294824586EBB5CF35A54526C77A0FB64B88F644135EA8C8BBE6CF3CF450CB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F24D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                • API String ID: 1878133881-2410924014
                                                                                                                                                                                • Opcode ID: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                                                                                                                                                • Instruction ID: 2438f950cc6f269f272cc3a8e55fb866cd286d7ffaa5ece66e547fbba816fa31
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                                                                                                                                                • Instruction Fuzzy Hash: 27319772628AC181EA71DB60E4517DA6355FF947C8F504035F68D8769ADF3CD305CB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F3BA0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF6085F3699), ref: 00007FF6085F3BD1
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                • API String ID: 2581892565-1977442011
                                                                                                                                                                                • Opcode ID: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                                                                                                                                                • Instruction ID: 96fa6e3ddbde9e75ef82459ab33de85b5d9a57707f1bbdfc28939543a14c6cb8
                                                                                                                                                                                • Opcode Fuzzy Hash: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D01A761B6D65281FEA3EB30E8153F91251AF6C7C5F640031E84EC7797EE5CE144A708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860BA70 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                                • Opcode ID: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                                                                                                                                                • Instruction ID: 0f1c2a733a027d6e7c8ac84b328e5b5ca9d1ce5e3b4418726f26f35a6c69ee6d
                                                                                                                                                                                • Opcode Fuzzy Hash: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                                                                                                                                                • Instruction Fuzzy Hash: 39D1F332B28A8489E711CF75D4402AD37B1FB447E8B258235EE4ED7B99DE38D406DB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1F70 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                                                                • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                • Instruction ID: e679da842bab25467dcbc1ce14ae1812745cb70a61c10556aa026016c65f1ef3
                                                                                                                                                                                • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                • Instruction Fuzzy Hash: 81110021E5855281FA93C7B9E5443B96252EF99780F689031F94987B8FCE3CD4C14208
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608614D3C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                • Opcode ID: 6905acbfd6d9976ecdbc32ab445a222704bc8f30f61d617dd49fa92c981ecd4a
                                                                                                                                                                                • Instruction ID: 7ad7a3143a60a1d540b6448ecb87e07c8211127a1eb67dd7da2667f6bf01cdd4
                                                                                                                                                                                • Opcode Fuzzy Hash: 6905acbfd6d9976ecdbc32ab445a222704bc8f30f61d617dd49fa92c981ecd4a
                                                                                                                                                                                • Instruction Fuzzy Hash: 85410812A2828245FF60DB35E40137A6691EF80BA4F394235FF5C87ADADE3CD4919B0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608607E6C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF608607E9E
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E2E
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: GetLastError.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E38
                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6085FB105), ref: 00007FF608607EBC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileLanguagesLastModuleNamePreferredRestoreThread_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                                • API String ID: 2553983749-3233492432
                                                                                                                                                                                • Opcode ID: 3943842da798c31a181edbdfd7e827be925f8530d91395b67a93139410b16115
                                                                                                                                                                                • Instruction ID: ccfa881b535f2731d784bf0d66dfe9569ccfbbac39662fe7cbd924d57209578e
                                                                                                                                                                                • Opcode Fuzzy Hash: 3943842da798c31a181edbdfd7e827be925f8530d91395b67a93139410b16115
                                                                                                                                                                                • Instruction Fuzzy Hash: 03419132A28B4685EB14DF31A4400BE67A5EF447C4B664035FE0E83B86DF3DE891974C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860C108 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                • String ID: U
                                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                                • Opcode ID: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                                                                                                                                                • Instruction ID: a6757f47645881f70e795b1467bc1ca287cbccba3e142576b0c03642e267f2ff
                                                                                                                                                                                • Opcode Fuzzy Hash: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                                                                                                                                                • Instruction Fuzzy Hash: 6441B422628A4186DB20CF75E8443AA7761FB98794F514131EE4DC7B94DF3CD445DB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860E508 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                                                                • String ID: :
                                                                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                                                                • Opcode ID: f313d8180a861e56bccf2815f1d1ece0432639354f6a49a09631fb8acf204548
                                                                                                                                                                                • Instruction ID: bb0e5a7cbb6c7add6652c9456226e519b1411f4b0fc760a064e11e08efcbef33
                                                                                                                                                                                • Opcode Fuzzy Hash: f313d8180a861e56bccf2815f1d1ece0432639354f6a49a09631fb8acf204548
                                                                                                                                                                                • Instruction Fuzzy Hash: 0F2106B2B2865181EB22CB31D04426E73B2FB88B44F664835E68C83285DF7ED9449B48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                • String ID: Fatal error detected
                                                                                                                                                                                • API String ID: 1878133881-4025702859
                                                                                                                                                                                • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                • Instruction ID: e907d6e4e71ac068530e4f9203b825cd4973e73ce9a45a1fa041fcbc52fc7d69
                                                                                                                                                                                • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                • Instruction Fuzzy Hash: DA21B672738B8181EB61DB60F4517EA6354FB94788F904035EA8D87A96DF3CD205CB44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2880 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                • String ID: Error detected
                                                                                                                                                                                • API String ID: 1878133881-3513342764
                                                                                                                                                                                • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                • Instruction ID: 87e9a2091f9a17bee63e005eec87aa377b98974e781b392ae51ad3ed6ad26a7d
                                                                                                                                                                                • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D21B672738A8281EB61DB60F4517EA6355FB94788F904035EA8D87A96DF3CD205CB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FEFB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                                • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                • Instruction ID: fb69902e57dcfb1d1fb3770614fac66a3a565fe27e967eeb5bef6d440b766cdd
                                                                                                                                                                                • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                • Instruction Fuzzy Hash: 46114C32618B8182EB62CF25F44026977A4FB98B94F284231EE8D47B69DF3DD551CB04
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860F00C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.2903128727.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000000.00000002.2903111422.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903160355.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903182528.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000000.00000002.2903223543.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: :
                                                                                                                                                                                • API String ID: 2595371189-336475711
                                                                                                                                                                                • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                • Instruction ID: b04e9a7423d479e95e4f531977e31b9cf776ea3c5bcad26e3c305914e60317b7
                                                                                                                                                                                • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                • Instruction Fuzzy Hash: 5F018F6192860286FB71EF70946227F23A0EF54708FA61035F64EC66D2DE2CE544EE1C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:2.2%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                Signature Coverage:1.1%
                                                                                                                                                                                Total number of Nodes:892
                                                                                                                                                                                Total number of Limit Nodes:27
                                                                                                                                                                                execution_graph 62635 7ffdfac1e1a0 62636 7ffdfac1ed8a 62635->62636 62643 7ffdfac1e1b8 62635->62643 62637 7ffdfac1eca3 LoadLibraryA 62638 7ffdfac1ecbd 62637->62638 62640 7ffdfac1ecc6 GetProcAddress 62638->62640 62638->62643 62640->62638 62641 7ffdfac1ece7 62640->62641 62642 7ffdfac1ecf2 VirtualProtect VirtualProtect 62642->62636 62643->62637 62643->62642 62644 7ff6085f1f70 62645 7ff6085f1feb GetWindowLongPtrW 62644->62645 62647 7ff6085f1f85 62644->62647 62670 7ff6085f2030 GetDC 62645->62670 62650 7ff6085f1f92 62647->62650 62651 7ff6085f1fba SetWindowLongPtrW 62647->62651 62648 7ff6085f1fa4 EndDialog 62653 7ff6085f1faa 62648->62653 62650->62648 62650->62653 62655 7ff6085f1b90 62651->62655 62680 7ff6085f2470 62655->62680 62659 7ff6085f1c43 SystemParametersInfoW 62660 7ff6085f1c77 62659->62660 62661 7ff6085f1c67 CreateFontIndirectW 62659->62661 62662 7ff6085f1c7a 8 API calls 62660->62662 62661->62662 62663 7ff6085f1e6a SendMessageW SendMessageW SendMessageW SendMessageW 62662->62663 62664 7ff6085f1ed7 SendMessageW SendMessageW GetClientRect 62662->62664 62663->62664 62665 7ff6085f1f1a 62664->62665 62666 7ff6085f1f38 62664->62666 62667 7ff6085f2030 17 API calls 62665->62667 62686 7ff6085fad80 62666->62686 62667->62666 62671 7ff6085f20fd 62670->62671 62672 7ff6085f206d 62670->62672 62673 7ff6085f2102 MoveWindow MoveWindow MoveWindow MoveWindow 62671->62673 62674 7ff6085f209f SelectObject 62672->62674 62675 7ff6085f20ab DrawTextW 62672->62675 62678 7ff6085fad80 _wfindfirst32i64 8 API calls 62673->62678 62674->62675 62676 7ff6085f20d5 SelectObject 62675->62676 62677 7ff6085f20e1 ReleaseDC 62675->62677 62676->62677 62677->62673 62679 7ff6085f2008 InvalidateRect 62678->62679 62679->62653 62681 7ff6085f2495 62680->62681 62695 7ff608603e38 62681->62695 62684 7ff6085fc210 62685 7ff6085fc1f0 62684->62685 62685->62659 62685->62685 62687 7ff6085fad89 62686->62687 62688 7ff6085f1f48 62687->62688 62689 7ff6085fae40 IsProcessorFeaturePresent 62687->62689 62690 7ff6085fae58 62689->62690 62718 7ff6085fb034 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 62690->62718 62692 7ff6085fae6b 62719 7ff6085fae00 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 62692->62719 62696 7ff608603e92 62695->62696 62697 7ff608603eb7 62696->62697 62699 7ff608603ef3 62696->62699 62713 7ff608609ce4 37 API calls 2 library calls 62697->62713 62714 7ff6086021f0 48 API calls _invalid_parameter_noinfo 62699->62714 62701 7ff608603ee1 62702 7ff6085fad80 _wfindfirst32i64 8 API calls 62701->62702 62704 7ff6085f1bde GetDialogBaseUnits MulDiv MulDiv 62702->62704 62704->62684 62705 7ff608603f8e 62706 7ff608603ffa 62705->62706 62708 7ff608603fa0 62705->62708 62709 7ff608603fd4 62705->62709 62712 7ff608603fa9 62705->62712 62706->62709 62710 7ff608604004 62706->62710 62708->62709 62708->62712 62717 7ff608609e18 11 API calls 2 library calls 62709->62717 62716 7ff608609e18 11 API calls 2 library calls 62710->62716 62715 7ff608609e18 11 API calls 2 library calls 62712->62715 62713->62701 62714->62705 62715->62701 62716->62701 62717->62701 62718->62692 62720 7ff6085fa620 62721 7ff6085fa643 62720->62721 62722 7ff6085fa65f memcpy_s 62720->62722 62724 7ff60860cacc 62721->62724 62725 7ff60860cb17 62724->62725 62729 7ff60860cadb _get_daylight 62724->62729 62732 7ff608604444 11 API calls _get_daylight 62725->62732 62726 7ff60860cafe RtlAllocateHeap 62728 7ff60860cb15 62726->62728 62726->62729 62728->62722 62729->62725 62729->62726 62731 7ff6086126b0 EnterCriticalSection LeaveCriticalSection _get_daylight 62729->62731 62731->62729 62732->62728 62733 7ff6085fb19c 62756 7ff6085fb36c 62733->62756 62736 7ff6085fb2e8 62856 7ff6085fb69c 7 API calls 2 library calls 62736->62856 62737 7ff6085fb1b8 __scrt_acquire_startup_lock 62739 7ff6085fb2f2 62737->62739 62740 7ff6085fb1d6 62737->62740 62857 7ff6085fb69c 7 API calls 2 library calls 62739->62857 62746 7ff6085fb1f7 __scrt_release_startup_lock 62740->62746 62762 7ff608608674 62740->62762 62743 7ff6085fb1fb 62744 7ff6085fb2fd __FrameHandler3::FrameUnwindToEmptyState 62745 7ff6085fb281 62766 7ff6085fb7e8 62745->62766 62746->62743 62746->62745 62853 7ff608608984 45 API calls 62746->62853 62748 7ff6085fb286 62769 7ff6085f1000 62748->62769 62753 7ff6085fb2a9 62753->62744 62855 7ff6085fb500 7 API calls __scrt_initialize_crt 62753->62855 62755 7ff6085fb2c0 62755->62743 62858 7ff6085fb96c 62756->62858 62759 7ff6085fb39b __scrt_initialize_crt 62761 7ff6085fb1b0 62759->62761 62860 7ff6085fcac8 7 API calls 2 library calls 62759->62860 62761->62736 62761->62737 62764 7ff608608687 62762->62764 62763 7ff6086086ae 62763->62746 62764->62763 62861 7ff6085fb0b0 62764->62861 62767 7ff6085fc210 __scrt_get_show_window_mode 62766->62767 62768 7ff6085fb7ff GetStartupInfoW 62767->62768 62768->62748 62770 7ff6085f100b 62769->62770 62936 7ff6085f7600 62770->62936 62772 7ff6085f101d 62943 7ff608604f14 62772->62943 62774 7ff6085f367b 62950 7ff6085f1af0 62774->62950 62778 7ff6085fad80 _wfindfirst32i64 8 API calls 62779 7ff6085f37ae 62778->62779 62854 7ff6085fb82c GetModuleHandleW 62779->62854 62780 7ff6085f3699 62844 7ff6085f379a 62780->62844 62966 7ff6085f3b20 62780->62966 62782 7ff6085f36cb 62782->62844 62969 7ff6085f6990 62782->62969 62784 7ff6085f36e7 62785 7ff6085f3733 62784->62785 62787 7ff6085f6990 61 API calls 62784->62787 62984 7ff6085f6f90 62785->62984 62792 7ff6085f3708 __std_exception_copy 62787->62792 62788 7ff6085f3748 62988 7ff6085f19d0 62788->62988 62791 7ff6085f383d 62794 7ff6085f3868 62791->62794 63089 7ff6085f3280 59 API calls 62791->63089 62792->62785 62798 7ff6085f6f90 58 API calls 62792->62798 62793 7ff6085f19d0 121 API calls 62797 7ff6085f377e 62793->62797 62802 7ff6085f38ab 62794->62802 62999 7ff6085f7a30 62794->62999 62800 7ff6085f3782 62797->62800 62801 7ff6085f37c0 62797->62801 62798->62785 62799 7ff6085f3888 62803 7ff6085f389e SetDllDirectoryW 62799->62803 62804 7ff6085f388d 62799->62804 63064 7ff6085f2770 59 API calls 2 library calls 62800->63064 62801->62791 63065 7ff6085f3cb0 62801->63065 63013 7ff6085f5e40 62802->63013 62803->62802 63090 7ff6085f2770 59 API calls 2 library calls 62804->63090 62811 7ff6085f37e2 63088 7ff6085f2770 59 API calls 2 library calls 62811->63088 62812 7ff6085f3906 62819 7ff6085f39c6 62812->62819 62825 7ff6085f3919 62812->62825 62815 7ff6085f3810 62815->62791 62818 7ff6085f3815 62815->62818 62817 7ff6085f38c8 62817->62812 63092 7ff6085f5640 161 API calls 3 library calls 62817->63092 63084 7ff6085ff2ac 62818->63084 63054 7ff6085f3110 62819->63054 62823 7ff6085f38d9 62826 7ff6085f38fc 62823->62826 62827 7ff6085f38dd 62823->62827 62824 7ff6085f39d3 62824->62844 63101 7ff6085f6f20 57 API calls __std_exception_copy 62824->63101 62832 7ff6085f3965 62825->62832 63096 7ff6085f1b30 62825->63096 63095 7ff6085f5890 FreeLibrary 62826->63095 63093 7ff6085f55d0 91 API calls 62827->63093 62832->62844 63017 7ff6085f30b0 62832->63017 62833 7ff6085f38e7 62833->62826 62835 7ff6085f38eb 62833->62835 62834 7ff6085f39fb 62836 7ff6085f6990 61 API calls 62834->62836 63094 7ff6085f5c90 60 API calls 62835->63094 62839 7ff6085f3a07 62836->62839 62842 7ff6085f3a18 62839->62842 62839->62844 62840 7ff6085f39a1 63100 7ff6085f5890 FreeLibrary 62840->63100 62841 7ff6085f38fa 62841->62812 63102 7ff6085f6fd0 63 API calls 2 library calls 62842->63102 62844->62778 62846 7ff6085f3a30 63103 7ff6085f5890 FreeLibrary 62846->63103 62848 7ff6085f3a3c 62849 7ff6085f3a57 62848->62849 63104 7ff6085f6c90 67 API calls 2 library calls 62848->63104 63105 7ff6085f1ab0 74 API calls __std_exception_copy 62849->63105 62852 7ff6085f3a5f 62852->62844 62853->62745 62854->62753 62855->62755 62856->62739 62857->62744 62859 7ff6085fb38e __scrt_dllmain_crt_thread_attach 62858->62859 62859->62759 62859->62761 62860->62761 62862 7ff6085fb0c0 62861->62862 62878 7ff60860579c 62862->62878 62864 7ff6085fb0cc 62884 7ff6085fb3b8 62864->62884 62867 7ff6085fb0e4 _RTC_Initialize 62876 7ff6085fb139 62867->62876 62889 7ff6085fb568 62867->62889 62868 7ff6085fb165 62868->62764 62870 7ff6085fb0f9 62892 7ff608607e6c 62870->62892 62874 7ff6085fb10e 62875 7ff608608a80 45 API calls 62874->62875 62875->62876 62877 7ff6085fb155 62876->62877 62918 7ff6085fb69c 7 API calls 2 library calls 62876->62918 62877->62764 62879 7ff6086057ad 62878->62879 62881 7ff6086057b5 62879->62881 62919 7ff608604444 11 API calls _get_daylight 62879->62919 62881->62864 62882 7ff6086057c4 62920 7ff608609db0 37 API calls _invalid_parameter_noinfo 62882->62920 62885 7ff6085fb3c9 62884->62885 62888 7ff6085fb3ce __scrt_acquire_startup_lock 62884->62888 62885->62888 62921 7ff6085fb69c 7 API calls 2 library calls 62885->62921 62887 7ff6085fb442 62888->62867 62922 7ff6085fb52c 62889->62922 62891 7ff6085fb571 62891->62870 62893 7ff608607e8c 62892->62893 62900 7ff6085fb105 62892->62900 62894 7ff608607e94 62893->62894 62895 7ff608607eaa GetModuleFileNameW 62893->62895 62927 7ff608604444 11 API calls _get_daylight 62894->62927 62899 7ff608607ed5 62895->62899 62897 7ff608607e99 62928 7ff608609db0 37 API calls _invalid_parameter_noinfo 62897->62928 62929 7ff608607e0c 11 API calls 2 library calls 62899->62929 62900->62876 62917 7ff6085fb63c InitializeSListHead 62900->62917 62902 7ff608607f15 62903 7ff608607f1d 62902->62903 62906 7ff608607f35 62902->62906 62930 7ff608604444 11 API calls _get_daylight 62903->62930 62905 7ff608607f22 62931 7ff608609e18 11 API calls 2 library calls 62905->62931 62907 7ff608607f57 62906->62907 62911 7ff608607f83 62906->62911 62912 7ff608607f9c 62906->62912 62935 7ff608609e18 11 API calls 2 library calls 62907->62935 62909 7ff608607f30 62909->62900 62932 7ff608609e18 11 API calls 2 library calls 62911->62932 62934 7ff608609e18 11 API calls 2 library calls 62912->62934 62915 7ff608607f8c 62933 7ff608609e18 11 API calls 2 library calls 62915->62933 62918->62868 62919->62882 62921->62887 62923 7ff6085fb546 62922->62923 62925 7ff6085fb53f 62922->62925 62926 7ff608608eec 40 API calls 62923->62926 62925->62891 62926->62925 62927->62897 62929->62902 62930->62905 62931->62909 62932->62915 62933->62909 62934->62907 62935->62900 62938 7ff6085f761f 62936->62938 62937 7ff6085f7670 WideCharToMultiByte 62937->62938 62940 7ff6085f7718 62937->62940 62938->62937 62938->62940 62941 7ff6085f76c6 WideCharToMultiByte 62938->62941 62942 7ff6085f7627 __std_exception_copy 62938->62942 63106 7ff6085f2620 57 API calls 2 library calls 62940->63106 62941->62938 62941->62940 62942->62772 62946 7ff60860ec40 62943->62946 62944 7ff60860ec93 63107 7ff608609ce4 37 API calls 2 library calls 62944->63107 62946->62944 62947 7ff60860ece6 62946->62947 63108 7ff60860eb18 71 API calls _fread_nolock 62947->63108 62949 7ff60860ecbc 62949->62774 62951 7ff6085f1b05 62950->62951 62952 7ff6085f1b20 62951->62952 63109 7ff6085f24d0 59 API calls 3 library calls 62951->63109 62952->62844 62954 7ff6085f3ba0 62952->62954 63110 7ff6085fadb0 62954->63110 62957 7ff6085f3bf2 63113 7ff6085f7b40 59 API calls 62957->63113 62958 7ff6085f3bdb 63112 7ff6085f2620 57 API calls 2 library calls 62958->63112 62961 7ff6085f3bee 62963 7ff6085fad80 _wfindfirst32i64 8 API calls 62961->62963 62962 7ff6085f3c05 62962->62961 63114 7ff6085f2770 59 API calls 2 library calls 62962->63114 62965 7ff6085f3c2f 62963->62965 62965->62780 62967 7ff6085f1b30 49 API calls 62966->62967 62968 7ff6085f3b3d 62967->62968 62968->62782 62970 7ff6085f699a 62969->62970 62971 7ff6085f7a30 57 API calls 62970->62971 62972 7ff6085f69bc GetEnvironmentVariableW 62971->62972 62973 7ff6085f69d4 ExpandEnvironmentStringsW 62972->62973 62974 7ff6085f6a26 62972->62974 63115 7ff6085f7b40 59 API calls 62973->63115 62975 7ff6085fad80 _wfindfirst32i64 8 API calls 62974->62975 62977 7ff6085f6a38 62975->62977 62977->62784 62978 7ff6085f69fc 62978->62974 62979 7ff6085f6a06 62978->62979 63116 7ff60860910c 37 API calls 2 library calls 62979->63116 62981 7ff6085f6a0e 62982 7ff6085fad80 _wfindfirst32i64 8 API calls 62981->62982 62983 7ff6085f6a1e 62982->62983 62983->62784 62985 7ff6085f7a30 57 API calls 62984->62985 62986 7ff6085f6fa7 SetEnvironmentVariableW 62985->62986 62987 7ff6085f6fbf __std_exception_copy 62986->62987 62987->62788 62989 7ff6085f1b30 49 API calls 62988->62989 62990 7ff6085f1a00 62989->62990 62991 7ff6085f1b30 49 API calls 62990->62991 62997 7ff6085f1a7a 62990->62997 62992 7ff6085f1a22 62991->62992 62993 7ff6085f3b20 49 API calls 62992->62993 62992->62997 62994 7ff6085f1a3b 62993->62994 63117 7ff6085f17b0 62994->63117 62997->62791 62997->62793 62998 7ff6085ff2ac 74 API calls 62998->62997 63000 7ff6085f7a51 MultiByteToWideChar 62999->63000 63001 7ff6085f7ad7 MultiByteToWideChar 62999->63001 63002 7ff6085f7a9c 63000->63002 63003 7ff6085f7a77 63000->63003 63004 7ff6085f7b1f 63001->63004 63005 7ff6085f7afa 63001->63005 63002->63001 63010 7ff6085f7ab2 63002->63010 63200 7ff6085f2620 57 API calls 2 library calls 63003->63200 63004->62799 63202 7ff6085f2620 57 API calls 2 library calls 63005->63202 63008 7ff6085f7b0d 63008->62799 63009 7ff6085f7a8a 63009->62799 63201 7ff6085f2620 57 API calls 2 library calls 63010->63201 63012 7ff6085f7ac5 63012->62799 63014 7ff6085f5e55 63013->63014 63015 7ff6085f38b0 63014->63015 63203 7ff6085f24d0 59 API calls 3 library calls 63014->63203 63015->62812 63091 7ff6085f5ae0 122 API calls 2 library calls 63015->63091 63204 7ff6085f4960 63017->63204 63020 7ff6085f30fd 63020->62840 63022 7ff6085f30d4 63022->63020 63260 7ff6085f46e0 63022->63260 63024 7ff6085f30e0 63024->63020 63270 7ff6085f4840 63024->63270 63026 7ff6085f30ec 63026->63020 63027 7ff6085f333c 63026->63027 63028 7ff6085f3327 63026->63028 63030 7ff6085f335c 63027->63030 63041 7ff6085f3372 __std_exception_copy 63027->63041 63319 7ff6085f2770 59 API calls 2 library calls 63028->63319 63320 7ff6085f2770 59 API calls 2 library calls 63030->63320 63032 7ff6085fad80 _wfindfirst32i64 8 API calls 63033 7ff6085f34ca 63032->63033 63033->62840 63036 7ff6085f1b30 49 API calls 63036->63041 63037 7ff6085f360b 63325 7ff6085f2770 59 API calls 2 library calls 63037->63325 63039 7ff6085f35e5 63324 7ff6085f2770 59 API calls 2 library calls 63039->63324 63041->63036 63041->63037 63041->63039 63042 7ff6085f34d6 63041->63042 63053 7ff6085f3333 __std_exception_copy 63041->63053 63275 7ff6085f12b0 63041->63275 63321 7ff6085f1780 59 API calls 63041->63321 63043 7ff6085f3542 63042->63043 63322 7ff60860910c 37 API calls 2 library calls 63042->63322 63301 7ff6085f16d0 63043->63301 63047 7ff6085f3569 63323 7ff60860910c 37 API calls 2 library calls 63047->63323 63048 7ff6085f3577 63305 7ff6085f2ea0 63048->63305 63051 7ff6085f3575 63309 7ff6085f23b0 63051->63309 63053->63032 63055 7ff6085f31c4 63054->63055 63061 7ff6085f3183 63054->63061 63056 7ff6085f3203 63055->63056 63528 7ff6085f1ab0 74 API calls __std_exception_copy 63055->63528 63058 7ff6085fad80 _wfindfirst32i64 8 API calls 63056->63058 63059 7ff6085f3215 63058->63059 63059->62824 63061->63055 63472 7ff6085f2990 63061->63472 63527 7ff6085f1440 161 API calls 2 library calls 63061->63527 63529 7ff6085f1780 59 API calls 63061->63529 63064->62844 63066 7ff6085f3cbc 63065->63066 63067 7ff6085f7a30 57 API calls 63066->63067 63068 7ff6085f3ce7 63067->63068 63069 7ff6085f7a30 57 API calls 63068->63069 63070 7ff6085f3cfa 63069->63070 63627 7ff6086054c8 63070->63627 63073 7ff6085fad80 _wfindfirst32i64 8 API calls 63074 7ff6085f37da 63073->63074 63074->62811 63075 7ff6085f7200 63074->63075 63076 7ff6085f7224 63075->63076 63077 7ff6085ff934 73 API calls 63076->63077 63082 7ff6085f72fb __std_exception_copy 63076->63082 63078 7ff6085f723e 63077->63078 63078->63082 63795 7ff608607938 63078->63795 63080 7ff6085ff934 73 API calls 63083 7ff6085f7253 63080->63083 63081 7ff6085ff5fc _fread_nolock 53 API calls 63081->63083 63082->62815 63083->63080 63083->63081 63083->63082 63085 7ff6085ff2dc 63084->63085 63811 7ff6085ff088 63085->63811 63087 7ff6085ff2f5 63087->62811 63088->62844 63089->62794 63090->62844 63091->62817 63092->62823 63093->62833 63094->62841 63095->62812 63097 7ff6085f1b55 63096->63097 63098 7ff608603be4 49 API calls 63097->63098 63099 7ff6085f1b78 63098->63099 63099->62832 63100->62844 63101->62834 63102->62846 63103->62848 63104->62849 63105->62852 63106->62942 63107->62949 63108->62949 63109->62952 63111 7ff6085f3bac GetModuleFileNameW 63110->63111 63111->62957 63111->62958 63112->62961 63113->62962 63114->62961 63115->62978 63116->62981 63118 7ff6085f17d4 63117->63118 63119 7ff6085f17e4 63117->63119 63120 7ff6085f3cb0 116 API calls 63118->63120 63121 7ff6085f7200 83 API calls 63119->63121 63150 7ff6085f1842 63119->63150 63120->63119 63122 7ff6085f1815 63121->63122 63122->63150 63151 7ff6085ff934 63122->63151 63124 7ff6085fad80 _wfindfirst32i64 8 API calls 63126 7ff6085f19c0 63124->63126 63125 7ff6085f182b 63127 7ff6085f182f 63125->63127 63128 7ff6085f184c 63125->63128 63126->62997 63126->62998 63164 7ff6085f24d0 59 API calls 3 library calls 63127->63164 63155 7ff6085ff5fc 63128->63155 63132 7ff6085f1867 63165 7ff6085f24d0 59 API calls 3 library calls 63132->63165 63133 7ff6085ff934 73 API calls 63135 7ff6085f18d1 63133->63135 63136 7ff6085f18e3 63135->63136 63137 7ff6085f18fe 63135->63137 63166 7ff6085f24d0 59 API calls 3 library calls 63136->63166 63138 7ff6085ff5fc _fread_nolock 53 API calls 63137->63138 63140 7ff6085f1913 63138->63140 63140->63132 63141 7ff6085f1925 63140->63141 63158 7ff6085ff370 63141->63158 63144 7ff6085f193d 63167 7ff6085f2770 59 API calls 2 library calls 63144->63167 63146 7ff6085f1993 63147 7ff6085ff2ac 74 API calls 63146->63147 63146->63150 63147->63150 63148 7ff6085f1950 63148->63146 63168 7ff6085f2770 59 API calls 2 library calls 63148->63168 63150->63124 63152 7ff6085ff964 63151->63152 63169 7ff6085ff6c4 63152->63169 63154 7ff6085ff97d 63154->63125 63182 7ff6085ff61c 63155->63182 63159 7ff6085ff379 63158->63159 63160 7ff6085f1939 63158->63160 63198 7ff608604444 11 API calls _get_daylight 63159->63198 63160->63144 63160->63148 63162 7ff6085ff37e 63199 7ff608609db0 37 API calls _invalid_parameter_noinfo 63162->63199 63164->63150 63165->63150 63166->63150 63167->63150 63168->63146 63170 7ff6085ff72e 63169->63170 63171 7ff6085ff6ee 63169->63171 63170->63171 63173 7ff6085ff73a 63170->63173 63181 7ff608609ce4 37 API calls 2 library calls 63171->63181 63180 7ff6086042ec EnterCriticalSection 63173->63180 63174 7ff6085ff715 63174->63154 63176 7ff6085ff73f 63177 7ff6085ff848 71 API calls 63176->63177 63178 7ff6085ff751 63177->63178 63179 7ff6086042f8 _fread_nolock LeaveCriticalSection 63178->63179 63179->63174 63181->63174 63183 7ff6085ff646 63182->63183 63194 7ff6085f1861 63182->63194 63184 7ff6085ff655 __scrt_get_show_window_mode 63183->63184 63185 7ff6085ff692 63183->63185 63183->63194 63196 7ff608604444 11 API calls _get_daylight 63184->63196 63195 7ff6086042ec EnterCriticalSection 63185->63195 63188 7ff6085ff69a 63190 7ff6085ff39c _fread_nolock 51 API calls 63188->63190 63189 7ff6085ff66a 63197 7ff608609db0 37 API calls _invalid_parameter_noinfo 63189->63197 63192 7ff6085ff6b1 63190->63192 63193 7ff6086042f8 _fread_nolock LeaveCriticalSection 63192->63193 63193->63194 63194->63132 63194->63133 63196->63189 63198->63162 63200->63009 63201->63012 63202->63008 63203->63015 63205 7ff6085f4970 63204->63205 63206 7ff6085f1b30 49 API calls 63205->63206 63207 7ff6085f49a2 63206->63207 63208 7ff6085f49cb 63207->63208 63209 7ff6085f49ab 63207->63209 63211 7ff6085f4a22 63208->63211 63326 7ff6085f3d30 63208->63326 63339 7ff6085f2770 59 API calls 2 library calls 63209->63339 63212 7ff6085f3d30 49 API calls 63211->63212 63215 7ff6085f4a3b 63212->63215 63213 7ff6085f49c1 63219 7ff6085fad80 _wfindfirst32i64 8 API calls 63213->63219 63217 7ff6085f4a59 63215->63217 63341 7ff6085f2770 59 API calls 2 library calls 63215->63341 63216 7ff6085f49ec 63218 7ff6085f4a0a 63216->63218 63340 7ff6085f2770 59 API calls 2 library calls 63216->63340 63335 7ff6085f71b0 63217->63335 63329 7ff6085f3c40 63218->63329 63224 7ff6085f30be 63219->63224 63224->63020 63232 7ff6085f4ce0 63224->63232 63225 7ff6085f4a66 63227 7ff6085f4a8d 63225->63227 63228 7ff6085f4a6b 63225->63228 63343 7ff6085f3df0 112 API calls 63227->63343 63342 7ff6085f2620 57 API calls 2 library calls 63228->63342 63231 7ff6085f71b0 58 API calls 63231->63211 63233 7ff6085f6990 61 API calls 63232->63233 63235 7ff6085f4cf5 63233->63235 63234 7ff6085f4d10 63236 7ff6085f7a30 57 API calls 63234->63236 63235->63234 63371 7ff6085f2880 59 API calls 2 library calls 63235->63371 63238 7ff6085f4d54 63236->63238 63239 7ff6085f4d70 63238->63239 63240 7ff6085f4d59 63238->63240 63243 7ff6085f7a30 57 API calls 63239->63243 63372 7ff6085f2770 59 API calls 2 library calls 63240->63372 63242 7ff6085f4d65 63242->63022 63244 7ff6085f4da5 63243->63244 63246 7ff6085f1b30 49 API calls 63244->63246 63258 7ff6085f4daa __std_exception_copy 63244->63258 63248 7ff6085f4e27 63246->63248 63247 7ff6085f4f51 63247->63022 63249 7ff6085f4e53 63248->63249 63250 7ff6085f4e2e 63248->63250 63252 7ff6085f7a30 57 API calls 63249->63252 63373 7ff6085f2770 59 API calls 2 library calls 63250->63373 63254 7ff6085f4e6c 63252->63254 63253 7ff6085f4e43 63253->63022 63254->63258 63344 7ff6085f4ac0 63254->63344 63259 7ff6085f4f3a 63258->63259 63375 7ff6085f2770 59 API calls 2 library calls 63258->63375 63259->63022 63261 7ff6085f46f7 63260->63261 63261->63261 63262 7ff6085f4720 63261->63262 63269 7ff6085f4737 __std_exception_copy 63261->63269 63391 7ff6085f2770 59 API calls 2 library calls 63262->63391 63264 7ff6085f472c 63264->63024 63265 7ff6085f481b 63265->63024 63266 7ff6085f12b0 122 API calls 63266->63269 63269->63265 63269->63266 63392 7ff6085f2770 59 API calls 2 library calls 63269->63392 63393 7ff6085f1780 59 API calls 63269->63393 63272 7ff6085f4947 63270->63272 63273 7ff6085f485b 63270->63273 63272->63026 63273->63272 63274 7ff6085f2770 59 API calls 63273->63274 63394 7ff6085f1780 59 API calls 63273->63394 63274->63273 63276 7ff6085f12f8 63275->63276 63277 7ff6085f12c6 63275->63277 63278 7ff6085ff934 73 API calls 63276->63278 63279 7ff6085f3cb0 116 API calls 63277->63279 63280 7ff6085f130a 63278->63280 63281 7ff6085f12d6 63279->63281 63282 7ff6085f130e 63280->63282 63283 7ff6085f132f 63280->63283 63281->63276 63284 7ff6085f12de 63281->63284 63414 7ff6085f24d0 59 API calls 3 library calls 63282->63414 63289 7ff6085f1364 63283->63289 63290 7ff6085f1344 63283->63290 63413 7ff6085f2770 59 API calls 2 library calls 63284->63413 63287 7ff6085f1325 63287->63041 63288 7ff6085f12ee 63288->63041 63292 7ff6085f1395 63289->63292 63293 7ff6085f137e 63289->63293 63415 7ff6085f24d0 59 API calls 3 library calls 63290->63415 63294 7ff6085f135f __std_exception_copy 63292->63294 63296 7ff6085ff5fc _fread_nolock 53 API calls 63292->63296 63299 7ff6085f13de 63292->63299 63395 7ff6085f1050 63293->63395 63297 7ff6085f1421 63294->63297 63298 7ff6085ff2ac 74 API calls 63294->63298 63296->63292 63297->63041 63298->63297 63416 7ff6085f24d0 59 API calls 3 library calls 63299->63416 63303 7ff6085f16f5 63301->63303 63302 7ff6085f1738 63302->63047 63302->63048 63303->63302 63441 7ff6085f2770 59 API calls 2 library calls 63303->63441 63306 7ff6085f2ed4 63305->63306 63307 7ff6085f303f 63306->63307 63442 7ff60860910c 37 API calls 2 library calls 63306->63442 63307->63051 63310 7ff6085f23e9 63309->63310 63311 7ff6085f23dc 63309->63311 63313 7ff6085f23fe 63310->63313 63314 7ff6085f7a30 57 API calls 63310->63314 63312 7ff6085f7a30 57 API calls 63311->63312 63312->63310 63315 7ff6085f2413 63313->63315 63316 7ff6085f7a30 57 API calls 63313->63316 63314->63313 63443 7ff6085f2240 63315->63443 63316->63315 63318 7ff6085f242f __std_exception_copy 63318->63053 63319->63053 63320->63053 63321->63041 63322->63043 63323->63051 63324->63053 63325->63053 63327 7ff6085f1b30 49 API calls 63326->63327 63328 7ff6085f3d60 63327->63328 63328->63216 63330 7ff6085f3c4a 63329->63330 63331 7ff6085f7a30 57 API calls 63330->63331 63332 7ff6085f3c72 63331->63332 63333 7ff6085fad80 _wfindfirst32i64 8 API calls 63332->63333 63334 7ff6085f3c9a 63333->63334 63334->63211 63334->63231 63336 7ff6085f7a30 57 API calls 63335->63336 63337 7ff6085f71c7 LoadLibraryW 63336->63337 63338 7ff6085f71e4 __std_exception_copy 63337->63338 63338->63225 63339->63213 63340->63218 63341->63217 63342->63213 63343->63213 63351 7ff6085f4ada 63344->63351 63345 7ff6085fad80 _wfindfirst32i64 8 API calls 63346 7ff6085f4cb0 63345->63346 63374 7ff6085f7c30 59 API calls __std_exception_copy 63346->63374 63349 7ff6085f4bf3 63370 7ff6085f4c91 63349->63370 63378 7ff608609184 63349->63378 63351->63349 63353 7ff6085f4cc9 63351->63353 63351->63370 63376 7ff6086056d0 47 API calls 63351->63376 63377 7ff6085f1780 59 API calls 63351->63377 63388 7ff6085f2770 59 API calls 2 library calls 63353->63388 63356 7ff6085f4c16 63357 7ff608609184 _fread_nolock 37 API calls 63356->63357 63358 7ff6085f4c28 63357->63358 63385 7ff6086057dc 39 API calls 3 library calls 63358->63385 63360 7ff6085f4c34 63386 7ff608605d64 73 API calls 63360->63386 63362 7ff6085f4c46 63387 7ff608605d64 73 API calls 63362->63387 63364 7ff6085f4c58 63365 7ff608604f14 71 API calls 63364->63365 63366 7ff6085f4c69 63365->63366 63367 7ff608604f14 71 API calls 63366->63367 63368 7ff6085f4c7d 63367->63368 63369 7ff608604f14 71 API calls 63368->63369 63369->63370 63370->63345 63371->63234 63372->63242 63373->63253 63374->63258 63375->63247 63376->63351 63377->63351 63379 7ff60860918d 63378->63379 63380 7ff6085f4c0a 63378->63380 63389 7ff608604444 11 API calls _get_daylight 63379->63389 63384 7ff6086057dc 39 API calls 3 library calls 63380->63384 63382 7ff608609192 63390 7ff608609db0 37 API calls _invalid_parameter_noinfo 63382->63390 63384->63356 63385->63360 63386->63362 63387->63364 63388->63370 63389->63382 63391->63264 63392->63269 63393->63269 63394->63273 63396 7ff6085f10a6 63395->63396 63397 7ff6085f10d3 63396->63397 63398 7ff6085f10ad 63396->63398 63401 7ff6085f10ed 63397->63401 63402 7ff6085f1109 63397->63402 63421 7ff6085f2770 59 API calls 2 library calls 63398->63421 63400 7ff6085f10c0 63400->63294 63422 7ff6085f24d0 59 API calls 3 library calls 63401->63422 63404 7ff6085f111b 63402->63404 63407 7ff6085f1137 memcpy_s 63402->63407 63423 7ff6085f24d0 59 API calls 3 library calls 63404->63423 63406 7ff6085ff5fc _fread_nolock 53 API calls 63406->63407 63407->63406 63408 7ff6085f1104 __std_exception_copy 63407->63408 63409 7ff6085f11fe 63407->63409 63412 7ff6085ff370 37 API calls 63407->63412 63417 7ff6085ffd3c 63407->63417 63408->63294 63424 7ff6085f2770 59 API calls 2 library calls 63409->63424 63412->63407 63413->63288 63414->63287 63415->63294 63416->63294 63418 7ff6085ffd6c 63417->63418 63425 7ff6085ffa8c 63418->63425 63420 7ff6085ffd8a 63420->63407 63421->63400 63422->63408 63423->63408 63424->63408 63426 7ff6085ffaac 63425->63426 63427 7ff6085ffad9 63425->63427 63426->63427 63428 7ff6085ffae1 63426->63428 63429 7ff6085ffab6 63426->63429 63427->63420 63432 7ff6085ff9cc 63428->63432 63439 7ff608609ce4 37 API calls 2 library calls 63429->63439 63440 7ff6086042ec EnterCriticalSection 63432->63440 63434 7ff6085ff9e9 63435 7ff6085ffa0c 74 API calls 63434->63435 63436 7ff6085ff9f2 63435->63436 63437 7ff6086042f8 _fread_nolock LeaveCriticalSection 63436->63437 63438 7ff6085ff9fd 63437->63438 63438->63427 63439->63427 63441->63302 63442->63307 63444 7ff6085fadb0 63443->63444 63445 7ff6085f2259 GetModuleHandleW 63444->63445 63446 7ff6085f2295 __scrt_get_show_window_mode 63445->63446 63447 7ff6085f2470 48 API calls 63446->63447 63448 7ff6085f22d9 __scrt_get_show_window_mode 63447->63448 63462 7ff608605f44 63448->63462 63451 7ff608605f44 37 API calls 63452 7ff6085f230c 63451->63452 63453 7ff608605f44 37 API calls 63452->63453 63454 7ff6085f2319 DialogBoxIndirectParamW 63453->63454 63455 7ff6085f234f __std_exception_copy 63454->63455 63456 7ff6085f2375 63455->63456 63457 7ff6085f236f DeleteObject 63455->63457 63458 7ff6085f2381 DestroyIcon 63456->63458 63459 7ff6085f2387 63456->63459 63457->63456 63458->63459 63460 7ff6085fad80 _wfindfirst32i64 8 API calls 63459->63460 63461 7ff6085f2398 63460->63461 63461->63318 63463 7ff608605f62 63462->63463 63466 7ff6085f22ff 63462->63466 63463->63466 63470 7ff60860f924 37 API calls 2 library calls 63463->63470 63465 7ff608605f91 63465->63466 63467 7ff608605fb1 63465->63467 63466->63451 63471 7ff608609dd0 17 API calls _wfindfirst32i64 63467->63471 63470->63465 63473 7ff6085f29a6 63472->63473 63474 7ff6085f1b30 49 API calls 63473->63474 63475 7ff6085f29db 63474->63475 63476 7ff6085f3b20 49 API calls 63475->63476 63505 7ff6085f2de1 63475->63505 63477 7ff6085f2a4f 63476->63477 63530 7ff6085f2e00 63477->63530 63480 7ff6085f2a91 63538 7ff6085f6720 98 API calls 63480->63538 63481 7ff6085f2aca 63483 7ff6085f2e00 75 API calls 63481->63483 63485 7ff6085f2b1c 63483->63485 63484 7ff6085f2a99 63492 7ff6085f2aba 63484->63492 63539 7ff6085f6600 138 API calls 2 library calls 63484->63539 63486 7ff6085f2b20 63485->63486 63487 7ff6085f2b86 63485->63487 63540 7ff6085f6720 98 API calls 63486->63540 63491 7ff6085f2e00 75 API calls 63487->63491 63493 7ff6085f2bb2 63491->63493 63495 7ff6085f2ac3 63492->63495 63542 7ff6085f2770 59 API calls 2 library calls 63492->63542 63496 7ff6085f2c12 63493->63496 63497 7ff6085f2e00 75 API calls 63493->63497 63494 7ff6085f2b28 63494->63492 63541 7ff6085f6600 138 API calls 2 library calls 63494->63541 63500 7ff6085fad80 _wfindfirst32i64 8 API calls 63495->63500 63496->63505 63543 7ff6085f6720 98 API calls 63496->63543 63501 7ff6085f2be2 63497->63501 63503 7ff6085f2b7b 63500->63503 63501->63496 63506 7ff6085f2e00 75 API calls 63501->63506 63502 7ff6085f2b45 63502->63492 63504 7ff6085f2dc6 63502->63504 63503->63061 63547 7ff6085f2770 59 API calls 2 library calls 63504->63547 63506->63496 63507 7ff6085f1af0 59 API calls 63509 7ff6085f2c7f 63507->63509 63508 7ff6085f2c22 63508->63505 63508->63507 63520 7ff6085f2d3f 63508->63520 63509->63505 63512 7ff6085f1b30 49 API calls 63509->63512 63511 7ff6085f2d3a 63548 7ff6085f1ab0 74 API calls __std_exception_copy 63511->63548 63514 7ff6085f2ca7 63512->63514 63514->63504 63516 7ff6085f1b30 49 API calls 63514->63516 63515 7ff6085f2dab 63515->63504 63546 7ff6085f1440 161 API calls 2 library calls 63515->63546 63517 7ff6085f2cd4 63516->63517 63517->63504 63519 7ff6085f1b30 49 API calls 63517->63519 63521 7ff6085f2d01 63519->63521 63520->63515 63545 7ff6085f1780 59 API calls 63520->63545 63521->63504 63523 7ff6085f17b0 121 API calls 63521->63523 63524 7ff6085f2d23 63523->63524 63524->63520 63525 7ff6085f2d27 63524->63525 63544 7ff6085f2770 59 API calls 2 library calls 63525->63544 63527->63061 63528->63055 63529->63061 63531 7ff6085f2e34 63530->63531 63549 7ff608603be4 63531->63549 63534 7ff6085f2e6b 63536 7ff6085fad80 _wfindfirst32i64 8 API calls 63534->63536 63537 7ff6085f2a8d 63536->63537 63537->63480 63537->63481 63538->63484 63539->63492 63540->63494 63541->63502 63542->63495 63543->63508 63544->63511 63545->63520 63546->63515 63547->63511 63548->63505 63552 7ff608603c3e 63549->63552 63550 7ff608603c63 63584 7ff608609ce4 37 API calls 2 library calls 63550->63584 63551 7ff608603c9f 63585 7ff608601e70 49 API calls _invalid_parameter_noinfo 63551->63585 63552->63550 63552->63551 63555 7ff608603c8d 63557 7ff6085fad80 _wfindfirst32i64 8 API calls 63555->63557 63556 7ff608603d7c 63588 7ff608609e18 11 API calls 2 library calls 63556->63588 63560 7ff6085f2e5a 63557->63560 63559 7ff608603d36 63559->63556 63561 7ff608603d51 63559->63561 63562 7ff608603da0 63559->63562 63565 7ff608603d48 63559->63565 63560->63534 63567 7ff608604e08 63560->63567 63586 7ff608609e18 11 API calls 2 library calls 63561->63586 63562->63556 63563 7ff608603daa 63562->63563 63587 7ff608609e18 11 API calls 2 library calls 63563->63587 63565->63556 63565->63561 63568 7ff608604e25 63567->63568 63569 7ff608604e31 63567->63569 63589 7ff608604680 63568->63589 63614 7ff608604a1c 45 API calls __FrameHandler3::FrameUnwindToEmptyState 63569->63614 63572 7ff608604e59 63576 7ff608604e69 63572->63576 63615 7ff60860dfcc 5 API calls __crtLCMapStringW 63572->63615 63575 7ff608604ec1 63577 7ff608604ec5 63575->63577 63578 7ff608604ed9 63575->63578 63616 7ff608604504 14 API calls 3 library calls 63576->63616 63579 7ff608604e2a 63577->63579 63617 7ff608609e18 11 API calls 2 library calls 63577->63617 63580 7ff608604680 69 API calls 63578->63580 63579->63534 63582 7ff608604ee5 63580->63582 63582->63579 63618 7ff608609e18 11 API calls 2 library calls 63582->63618 63584->63555 63585->63559 63586->63555 63587->63555 63588->63555 63590 7ff60860469a 63589->63590 63591 7ff6086046b7 63589->63591 63619 7ff608604424 11 API calls _get_daylight 63590->63619 63591->63590 63593 7ff6086046ca CreateFileW 63591->63593 63594 7ff608604734 63593->63594 63595 7ff6086046fe 63593->63595 63623 7ff608604cf8 46 API calls 3 library calls 63594->63623 63622 7ff6086047d4 59 API calls 3 library calls 63595->63622 63596 7ff60860469f 63620 7ff608604444 11 API calls _get_daylight 63596->63620 63600 7ff60860470c 63603 7ff608604713 CloseHandle 63600->63603 63604 7ff608604729 CloseHandle 63600->63604 63601 7ff608604739 63605 7ff60860473d 63601->63605 63606 7ff608604768 63601->63606 63602 7ff6086046a7 63621 7ff608609db0 37 API calls _invalid_parameter_noinfo 63602->63621 63608 7ff6086046b2 63603->63608 63604->63608 63624 7ff6086043b8 11 API calls 2 library calls 63605->63624 63625 7ff608604ab8 51 API calls 63606->63625 63608->63579 63611 7ff608604775 63626 7ff608604bf4 21 API calls _fread_nolock 63611->63626 63613 7ff608604747 63613->63608 63614->63572 63615->63576 63616->63575 63617->63579 63618->63579 63619->63596 63620->63602 63622->63600 63623->63601 63624->63613 63625->63611 63626->63613 63628 7ff6086053fc 63627->63628 63629 7ff608605422 63628->63629 63631 7ff608605455 63628->63631 63658 7ff608604444 11 API calls _get_daylight 63629->63658 63633 7ff60860545b 63631->63633 63634 7ff608605468 63631->63634 63632 7ff608605427 63659 7ff608609db0 37 API calls _invalid_parameter_noinfo 63632->63659 63660 7ff608604444 11 API calls _get_daylight 63633->63660 63646 7ff60860a0f8 63634->63646 63638 7ff6085f3d09 63638->63073 63640 7ff60860547c 63661 7ff608604444 11 API calls _get_daylight 63640->63661 63641 7ff608605489 63653 7ff60860f49c 63641->63653 63644 7ff60860549c 63662 7ff6086042f8 LeaveCriticalSection 63644->63662 63663 7ff60860f788 EnterCriticalSection 63646->63663 63648 7ff60860a10f 63649 7ff60860a16c 19 API calls 63648->63649 63650 7ff60860a11a 63649->63650 63651 7ff60860f7e8 _isindst LeaveCriticalSection 63650->63651 63652 7ff608605472 63651->63652 63652->63640 63652->63641 63664 7ff60860f198 63653->63664 63656 7ff60860f4f6 63656->63644 63658->63632 63660->63638 63661->63638 63665 7ff60860f1d3 __vcrt_FlsAlloc 63664->63665 63674 7ff60860f39a 63665->63674 63679 7ff608615474 51 API calls 3 library calls 63665->63679 63667 7ff60860f471 63683 7ff608609db0 37 API calls _invalid_parameter_noinfo 63667->63683 63669 7ff60860f3a3 63669->63656 63676 7ff60861615c 63669->63676 63671 7ff60860f405 63671->63674 63680 7ff608615474 51 API calls 3 library calls 63671->63680 63673 7ff60860f424 63673->63674 63681 7ff608615474 51 API calls 3 library calls 63673->63681 63674->63669 63682 7ff608604444 11 API calls _get_daylight 63674->63682 63684 7ff60861575c 63676->63684 63679->63671 63680->63673 63681->63674 63682->63667 63685 7ff608615773 63684->63685 63688 7ff608615791 63684->63688 63738 7ff608604444 11 API calls _get_daylight 63685->63738 63687 7ff6086157ad 63695 7ff608615d6c 63687->63695 63688->63685 63688->63687 63689 7ff608615778 63739 7ff608609db0 37 API calls _invalid_parameter_noinfo 63689->63739 63693 7ff608615784 63693->63656 63741 7ff608615aa0 63695->63741 63698 7ff608615df9 63761 7ff608606cfc 63698->63761 63699 7ff608615de1 63773 7ff608604424 11 API calls _get_daylight 63699->63773 63702 7ff608615de6 63774 7ff608604444 11 API calls _get_daylight 63702->63774 63730 7ff6086157d8 63730->63693 63740 7ff608606cd4 LeaveCriticalSection 63730->63740 63738->63689 63742 7ff608615acc 63741->63742 63748 7ff608615ae6 63741->63748 63742->63748 63786 7ff608604444 11 API calls _get_daylight 63742->63786 63744 7ff608615adb 63787 7ff608609db0 37 API calls _invalid_parameter_noinfo 63744->63787 63746 7ff608615bb5 63754 7ff608615c12 63746->63754 63792 7ff60860576c 37 API calls 2 library calls 63746->63792 63747 7ff608615b64 63747->63746 63790 7ff608604444 11 API calls _get_daylight 63747->63790 63748->63747 63788 7ff608604444 11 API calls _get_daylight 63748->63788 63751 7ff608615c0e 63751->63754 63755 7ff608615c90 63751->63755 63753 7ff608615baa 63791 7ff608609db0 37 API calls _invalid_parameter_noinfo 63753->63791 63754->63698 63754->63699 63793 7ff608609dd0 17 API calls _wfindfirst32i64 63755->63793 63756 7ff608615b59 63789 7ff608609db0 37 API calls _invalid_parameter_noinfo 63756->63789 63794 7ff60860f788 EnterCriticalSection 63761->63794 63773->63702 63774->63730 63786->63744 63788->63756 63790->63753 63792->63751 63796 7ff608607968 63795->63796 63799 7ff608607444 63796->63799 63798 7ff608607981 63798->63083 63800 7ff60860745f 63799->63800 63801 7ff60860748e 63799->63801 63810 7ff608609ce4 37 API calls 2 library calls 63800->63810 63809 7ff6086042ec EnterCriticalSection 63801->63809 63804 7ff608607493 63806 7ff6086074b0 38 API calls 63804->63806 63805 7ff60860747f 63805->63798 63807 7ff60860749f 63806->63807 63808 7ff6086042f8 _fread_nolock LeaveCriticalSection 63807->63808 63808->63805 63810->63805 63812 7ff6085ff0a3 63811->63812 63814 7ff6085ff0d1 63811->63814 63822 7ff608609ce4 37 API calls 2 library calls 63812->63822 63815 7ff6085ff0c3 63814->63815 63821 7ff6086042ec EnterCriticalSection 63814->63821 63815->63087 63817 7ff6085ff0e8 63818 7ff6085ff104 72 API calls 63817->63818 63819 7ff6085ff0f4 63818->63819 63820 7ff6086042f8 _fread_nolock LeaveCriticalSection 63819->63820 63820->63815 63822->63815 63823 7ff608608554 63824 7ff608608564 63823->63824 63827 7ff60860856d 63823->63827 63824->63827 63829 7ff608608064 63824->63829 63830 7ff60860807d 63829->63830 63841 7ff608608079 63829->63841 63843 7ff608611b7c GetEnvironmentStringsW 63830->63843 63833 7ff60860808a 63869 7ff608609e18 11 API calls 2 library calls 63833->63869 63834 7ff608608096 63850 7ff6086081e4 63834->63850 63839 7ff6086080bd 63871 7ff608609e18 11 API calls 2 library calls 63839->63871 63841->63827 63842 7ff608608424 12 API calls 3 library calls 63841->63842 63842->63827 63844 7ff608611ba0 63843->63844 63845 7ff608608082 63843->63845 63846 7ff60860cacc _fread_nolock 12 API calls 63844->63846 63845->63833 63845->63834 63848 7ff608611bd7 memcpy_s 63846->63848 63872 7ff608609e18 11 API calls 2 library calls 63848->63872 63849 7ff608611bf7 FreeEnvironmentStringsW 63849->63845 63851 7ff60860820c 63850->63851 63873 7ff60860dd40 63851->63873 63854 7ff60860809e 63870 7ff608609e18 11 API calls 2 library calls 63854->63870 63855 7ff6086082c9 63885 7ff608609e18 11 API calls 2 library calls 63855->63885 63857 7ff60860dd40 _get_daylight 11 API calls 63862 7ff608608247 63857->63862 63858 7ff6086082b8 63883 7ff608608300 11 API calls __free_lconv_mon 63858->63883 63861 7ff6086082c0 63884 7ff608609e18 11 API calls 2 library calls 63861->63884 63862->63855 63862->63857 63862->63858 63863 7ff6086082ec 63862->63863 63866 7ff60860824f 63862->63866 63881 7ff60860f924 37 API calls 2 library calls 63862->63881 63882 7ff608609e18 11 API calls 2 library calls 63862->63882 63886 7ff608609dd0 17 API calls _wfindfirst32i64 63863->63886 63880 7ff608609e18 11 API calls 2 library calls 63866->63880 63869->63841 63870->63839 63871->63841 63872->63849 63874 7ff60860dd51 _get_daylight 63873->63874 63875 7ff60860dda2 63874->63875 63876 7ff60860dd86 RtlAllocateHeap 63874->63876 63887 7ff6086126b0 EnterCriticalSection LeaveCriticalSection _get_daylight 63874->63887 63888 7ff608604444 11 API calls _get_daylight 63875->63888 63876->63874 63877 7ff60860dda0 63876->63877 63877->63862 63880->63854 63881->63862 63882->63862 63883->63861 63884->63866 63885->63854 63887->63874 63888->63877 63889 7ffdfaddf490 GetSystemInfo 63890 7ffdfaddf4c4 63889->63890

                                                                                                                                                                                Executed Functions

                                                                                                                                                                                Function 00007FF6085F1B90 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 188windowCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                • API String ID: 2446303242-1601438679
                                                                                                                                                                                • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                • Instruction ID: 0094441d0e61b526b175255470181fd204f10e98dc550e1b08635db8f20cad3b
                                                                                                                                                                                • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                • Instruction Fuzzy Hash: 2FA18A32219B9187EB14CF61E58479AB370F788B95F60412AEB8D83B25CF3DE165CB44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608615D6C Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 262 7ff608615d6c-7ff608615ddf call 7ff608615aa0 265 7ff608615df9-7ff608615e03 call 7ff608606cfc 262->265 266 7ff608615de1-7ff608615dea call 7ff608604424 262->266 271 7ff608615e1e-7ff608615e87 CreateFileW 265->271 272 7ff608615e05-7ff608615e1c call 7ff608604424 call 7ff608604444 265->272 273 7ff608615ded-7ff608615df4 call 7ff608604444 266->273 275 7ff608615e89-7ff608615e8f 271->275 276 7ff608615f04-7ff608615f0f GetFileType 271->276 272->273 289 7ff60861613a-7ff60861615a 273->289 279 7ff608615ed1-7ff608615eff GetLastError call 7ff6086043b8 275->279 280 7ff608615e91-7ff608615e95 275->280 282 7ff608615f11-7ff608615f4c GetLastError call 7ff6086043b8 CloseHandle 276->282 283 7ff608615f62-7ff608615f69 276->283 279->273 280->279 287 7ff608615e97-7ff608615ecf CreateFileW 280->287 282->273 296 7ff608615f52-7ff608615f5d call 7ff608604444 282->296 285 7ff608615f6b-7ff608615f6f 283->285 286 7ff608615f71-7ff608615f74 283->286 292 7ff608615f7a-7ff608615fcf call 7ff608606c14 285->292 286->292 293 7ff608615f76 286->293 287->276 287->279 301 7ff608615fee-7ff60861601f call 7ff608615820 292->301 302 7ff608615fd1-7ff608615fdd call 7ff608615ca8 292->302 293->292 296->273 307 7ff608616021-7ff608616023 301->307 308 7ff608616025-7ff608616067 301->308 302->301 309 7ff608615fdf 302->309 310 7ff608615fe1-7ff608615fe9 call 7ff608609f90 307->310 311 7ff608616089-7ff608616094 308->311 312 7ff608616069-7ff60861606d 308->312 309->310 310->289 314 7ff608616138 311->314 315 7ff60861609a-7ff60861609e 311->315 312->311 313 7ff60861606f-7ff608616084 312->313 313->311 314->289 315->314 318 7ff6086160a4-7ff6086160e9 CloseHandle CreateFileW 315->318 319 7ff6086160eb-7ff608616119 GetLastError call 7ff6086043b8 call 7ff608606e3c 318->319 320 7ff60861611e-7ff608616133 318->320 319->320 320->314
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                                                                • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                • Instruction ID: ac482f640f924cea31d6770aef09407ad56fa8b615f90428cf31074cdd2e86b6
                                                                                                                                                                                • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                • Instruction Fuzzy Hash: 44C1C136B38A4185EB10CFB9C4956AD7761FB88BA8B260235EF1E97396CF38D051D704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAC1E1A0 Relevance: 6.9, APIs: 4, Instructions: 889librarymemoryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909443806.00007FFDFAC1E000.00000080.00000001.01000000.00000033.sdmp, Offset: 00007FFDFA9D0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909095728.00007FFDFA9D0000.00000002.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFA9D1000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFAB78000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFAB88000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFAB91000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFABA1000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFABDC000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFAC00000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFAC08000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909115683.00007FFDFAC1C000.00000040.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909463523.00007FFDFAC1F000.00000004.00000001.01000000.00000033.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfa9d0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ProtectVirtual$AddressLibraryLoadProc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3300690313-0
                                                                                                                                                                                • Opcode ID: 6b3173478ca9b23886ce1f47d2f3096a26882c4040b13926778e198bef896045
                                                                                                                                                                                • Instruction ID: f2f19148745dcad14f3004907bead0b09ec044d4c91d2e9852ce73c288a803b2
                                                                                                                                                                                • Opcode Fuzzy Hash: 6b3173478ca9b23886ce1f47d2f3096a26882c4040b13926778e198bef896045
                                                                                                                                                                                • Instruction Fuzzy Hash: 6062273672819296E7198F38D86467D7BD0FB48785F045532EAAEC37C8EA7CEA45C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFADDF490 Relevance: 1.7, APIs: 1, Instructions: 204COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                                                • Opcode ID: 1d4a23596340e2b851e9cbd1cd717de596e1e73bc4475c85f957dec04d105ea9
                                                                                                                                                                                • Instruction ID: 71852ef054046c298a27e78735fc6dc4d992dff63f5c80f04adbd85476a4e064
                                                                                                                                                                                • Opcode Fuzzy Hash: 1d4a23596340e2b851e9cbd1cd717de596e1e73bc4475c85f957dec04d105ea9
                                                                                                                                                                                • Instruction Fuzzy Hash: 5EA1E924B09B4381EF9C8B45AC30A7422D4FF59B54F540AB9DD3E0B7E8EF7CA4918260
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F17B0 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 144COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                • API String ID: 2153230061-4158440160
                                                                                                                                                                                • Opcode ID: a51251cad8bdd6f63eb086e2266c1bc7e38ea0287e8a6b25b4250ed1431c47e8
                                                                                                                                                                                • Instruction ID: 4c30eb5468f9082379aeb6ef1b9fc2422e6dc533fb0d5abcedba9d294eaa14fa
                                                                                                                                                                                • Opcode Fuzzy Hash: a51251cad8bdd6f63eb086e2266c1bc7e38ea0287e8a6b25b4250ed1431c47e8
                                                                                                                                                                                • Instruction Fuzzy Hash: 6F519E72A5AA02C2EF96CF34D55017833A1EF58B58B658135EA0DC779ADF3CE540CB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2030 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                • String ID: P%
                                                                                                                                                                                • API String ID: 2147705588-2959514604
                                                                                                                                                                                • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                • Instruction ID: 469a5111ce7bce764d5b7d8773c9e09269bd69c6788f0630fc8c20a666ca3aaa
                                                                                                                                                                                • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A511826618BA186DA34DF32E4181BAB7A1FB98B66F004121EFCF83685DF3CD045DB14
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F12B0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 106COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                • API String ID: 2030045667-3659356012
                                                                                                                                                                                • Opcode ID: 245357677abfff42803318754e30a7ecadaccb2c2f5a99fa632ccfeab3cb2070
                                                                                                                                                                                • Instruction ID: ba0a635dd327d8225eef5192e4e2e100840870fc2e304edf39fc82b04f874bfd
                                                                                                                                                                                • Opcode Fuzzy Hash: 245357677abfff42803318754e30a7ecadaccb2c2f5a99fa632ccfeab3cb2070
                                                                                                                                                                                • Instruction Fuzzy Hash: D841B361B99A42C1EE56DB31E4002BA73A0FF64794F654431DE4D87B46EE3CE542D708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1000 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 273COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 325 7ff6085f1000-7ff6085f3686 call 7ff6085ff080 call 7ff6085ff078 call 7ff6085f7600 call 7ff6085ff078 call 7ff6085fadb0 call 7ff608604270 call 7ff608604f14 call 7ff6085f1af0 343 7ff6085f368c-7ff6085f369b call 7ff6085f3ba0 325->343 344 7ff6085f379a 325->344 343->344 349 7ff6085f36a1-7ff6085f36b4 call 7ff6085f3a70 343->349 346 7ff6085f379f-7ff6085f37bf call 7ff6085fad80 344->346 349->344 353 7ff6085f36ba-7ff6085f36cd call 7ff6085f3b20 349->353 353->344 356 7ff6085f36d3-7ff6085f36fa call 7ff6085f6990 353->356 359 7ff6085f373c-7ff6085f3764 call 7ff6085f6f90 call 7ff6085f19d0 356->359 360 7ff6085f36fc-7ff6085f370b call 7ff6085f6990 356->360 370 7ff6085f384d-7ff6085f385e 359->370 371 7ff6085f376a-7ff6085f3780 call 7ff6085f19d0 359->371 360->359 366 7ff6085f370d-7ff6085f3713 360->366 368 7ff6085f3715-7ff6085f371d 366->368 369 7ff6085f371f-7ff6085f3739 call 7ff60860409c call 7ff6085f6f90 366->369 368->369 369->359 375 7ff6085f3873-7ff6085f388b call 7ff6085f7a30 370->375 376 7ff6085f3860-7ff6085f386a call 7ff6085f3280 370->376 384 7ff6085f3782-7ff6085f3795 call 7ff6085f2770 371->384 385 7ff6085f37c0-7ff6085f37c3 371->385 389 7ff6085f389e-7ff6085f38a5 SetDllDirectoryW 375->389 390 7ff6085f388d-7ff6085f3899 call 7ff6085f2770 375->390 387 7ff6085f386c 376->387 388 7ff6085f38ab-7ff6085f38b8 call 7ff6085f5e40 376->388 384->344 385->370 386 7ff6085f37c9-7ff6085f37e0 call 7ff6085f3cb0 385->386 398 7ff6085f37e2-7ff6085f37e5 386->398 399 7ff6085f37e7-7ff6085f3813 call 7ff6085f7200 386->399 387->375 400 7ff6085f38ba-7ff6085f38ca call 7ff6085f5ae0 388->400 401 7ff6085f3906-7ff6085f390b call 7ff6085f5dc0 388->401 389->388 390->344 402 7ff6085f3822-7ff6085f3838 call 7ff6085f2770 398->402 411 7ff6085f3815-7ff6085f381d call 7ff6085ff2ac 399->411 412 7ff6085f383d-7ff6085f384b 399->412 400->401 410 7ff6085f38cc-7ff6085f38db call 7ff6085f5640 400->410 408 7ff6085f3910-7ff6085f3913 401->408 402->344 414 7ff6085f3919-7ff6085f3926 408->414 415 7ff6085f39c6-7ff6085f39ce call 7ff6085f3110 408->415 427 7ff6085f38fc-7ff6085f3901 call 7ff6085f5890 410->427 428 7ff6085f38dd-7ff6085f38e9 call 7ff6085f55d0 410->428 411->402 412->376 419 7ff6085f3930-7ff6085f393a 414->419 423 7ff6085f39d3-7ff6085f39d5 415->423 420 7ff6085f3943-7ff6085f3945 419->420 421 7ff6085f393c-7ff6085f3941 419->421 425 7ff6085f3991-7ff6085f399c call 7ff6085f3270 call 7ff6085f30b0 420->425 426 7ff6085f3947-7ff6085f396a call 7ff6085f1b30 420->426 421->419 421->420 423->344 429 7ff6085f39db-7ff6085f3a12 call 7ff6085f6f20 call 7ff6085f6990 call 7ff6085f53e0 423->429 446 7ff6085f39a1-7ff6085f39c1 call 7ff6085f3260 call 7ff6085f5890 call 7ff6085f5dc0 425->446 426->344 439 7ff6085f3970-7ff6085f397b 426->439 427->401 428->427 440 7ff6085f38eb-7ff6085f38fa call 7ff6085f5c90 428->440 429->344 452 7ff6085f3a18-7ff6085f3a4d call 7ff6085f3270 call 7ff6085f6fd0 call 7ff6085f5890 call 7ff6085f5dc0 429->452 443 7ff6085f3980-7ff6085f398f 439->443 440->408 443->425 443->443 446->346 465 7ff6085f3a4f-7ff6085f3a52 call 7ff6085f6c90 452->465 466 7ff6085f3a57-7ff6085f3a61 call 7ff6085f1ab0 452->466 465->466 466->346
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FF6085F3BA0: GetModuleFileNameW.KERNEL32(?,00007FF6085F3699), ref: 00007FF6085F3BD1
                                                                                                                                                                                • SetDllDirectoryW.KERNEL32 ref: 00007FF6085F38A5
                                                                                                                                                                                  • Part of subcall function 00007FF6085F6990: GetEnvironmentVariableW.KERNEL32(00007FF6085F36E7), ref: 00007FF6085F69CA
                                                                                                                                                                                  • Part of subcall function 00007FF6085F6990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6085F69E7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                • API String ID: 2344891160-3602715111
                                                                                                                                                                                • Opcode ID: 12cd52130297aa365b88c15a9fb90bb519ecac815a0313e67c04479b8fa289d8
                                                                                                                                                                                • Instruction ID: 9a2e49606680afb0e39775bcdfc6e453eb60039a1e293824f0024f0e1cd54bb1
                                                                                                                                                                                • Opcode Fuzzy Hash: 12cd52130297aa365b88c15a9fb90bb519ecac815a0313e67c04479b8fa289d8
                                                                                                                                                                                • Instruction Fuzzy Hash: 67B19321A5EA8341FEA2EB3195511FD2791BF64784F644131EA4DC7797EF2CE604C708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1050 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 156COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 470 7ff6085f1050-7ff6085f10ab call 7ff6085fa610 473 7ff6085f10d3-7ff6085f10eb call 7ff6086040b0 470->473 474 7ff6085f10ad-7ff6085f10d2 call 7ff6085f2770 470->474 479 7ff6085f10ed-7ff6085f1104 call 7ff6085f24d0 473->479 480 7ff6085f1109-7ff6085f1119 call 7ff6086040b0 473->480 487 7ff6085f126c-7ff6085f12a0 call 7ff6085fa2f0 call 7ff60860409c * 2 479->487 485 7ff6085f111b-7ff6085f1132 call 7ff6085f24d0 480->485 486 7ff6085f1137-7ff6085f1147 480->486 485->487 489 7ff6085f1150-7ff6085f1175 call 7ff6085ff5fc 486->489 496 7ff6085f125e 489->496 497 7ff6085f117b-7ff6085f1185 call 7ff6085ff370 489->497 499 7ff6085f1264 496->499 497->496 504 7ff6085f118b-7ff6085f1197 497->504 499->487 505 7ff6085f11a0-7ff6085f11c8 call 7ff6085f8a60 504->505 508 7ff6085f1241-7ff6085f125c call 7ff6085f2770 505->508 509 7ff6085f11ca-7ff6085f11cd 505->509 508->499 510 7ff6085f11cf-7ff6085f11d9 509->510 511 7ff6085f123c 509->511 513 7ff6085f1203-7ff6085f1206 510->513 514 7ff6085f11db-7ff6085f11e8 call 7ff6085ffd3c 510->514 511->508 517 7ff6085f1208-7ff6085f1216 call 7ff6085fbb60 513->517 518 7ff6085f1219-7ff6085f121e 513->518 519 7ff6085f11ed-7ff6085f11f0 514->519 517->518 518->505 521 7ff6085f1220-7ff6085f1223 518->521 522 7ff6085f11f2-7ff6085f11fc call 7ff6085ff370 519->522 523 7ff6085f11fe-7ff6085f1201 519->523 525 7ff6085f1225-7ff6085f1228 521->525 526 7ff6085f1237-7ff6085f123a 521->526 522->518 522->523 523->508 525->508 527 7ff6085f122a-7ff6085f1232 525->527 526->499 527->489
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message
                                                                                                                                                                                • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                • API String ID: 2030045667-1655038675
                                                                                                                                                                                • Opcode ID: 3a9efce4b36fbb84d92241327b306a502c211f54b2ef6d5cc631e41fdb8183c2
                                                                                                                                                                                • Instruction ID: b897070a194e6086e6ebd6a355cc177a7bbf1ecc6a102f75841e28ec1bb89243
                                                                                                                                                                                • Opcode Fuzzy Hash: 3a9efce4b36fbb84d92241327b306a502c211f54b2ef6d5cc631e41fdb8183c2
                                                                                                                                                                                • Instruction Fuzzy Hash: BF51F722A8DA4281EAA2DB72E4403BA7291FB54794F644131EE4DC3787EF3CE544C748
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860AF2C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 530 7ff60860af2c-7ff60860af52 531 7ff60860af6d-7ff60860af71 530->531 532 7ff60860af54-7ff60860af68 call 7ff608604424 call 7ff608604444 530->532 534 7ff60860b347-7ff60860b353 call 7ff608604424 call 7ff608604444 531->534 535 7ff60860af77-7ff60860af7e 531->535 548 7ff60860b35e 532->548 551 7ff60860b359 call 7ff608609db0 534->551 535->534 537 7ff60860af84-7ff60860afb2 535->537 537->534 540 7ff60860afb8-7ff60860afbf 537->540 543 7ff60860afd8-7ff60860afdb 540->543 544 7ff60860afc1-7ff60860afd3 call 7ff608604424 call 7ff608604444 540->544 546 7ff60860afe1-7ff60860afe7 543->546 547 7ff60860b343-7ff60860b345 543->547 544->551 546->547 553 7ff60860afed-7ff60860aff0 546->553 552 7ff60860b361-7ff60860b378 547->552 548->552 551->548 553->544 557 7ff60860aff2-7ff60860b017 553->557 559 7ff60860b019-7ff60860b01b 557->559 560 7ff60860b04a-7ff60860b051 557->560 563 7ff60860b01d-7ff60860b024 559->563 564 7ff60860b042-7ff60860b048 559->564 561 7ff60860b026-7ff60860b03d call 7ff608604424 call 7ff608604444 call 7ff608609db0 560->561 562 7ff60860b053-7ff60860b07b call 7ff60860cacc call 7ff608609e18 * 2 560->562 596 7ff60860b1d0 561->596 591 7ff60860b098-7ff60860b0c3 call 7ff60860b754 562->591 592 7ff60860b07d-7ff60860b093 call 7ff608604444 call 7ff608604424 562->592 563->561 563->564 565 7ff60860b0c8-7ff60860b0df 564->565 568 7ff60860b15a-7ff60860b164 call 7ff608612a3c 565->568 569 7ff60860b0e1-7ff60860b0e9 565->569 582 7ff60860b16a-7ff60860b17f 568->582 583 7ff60860b1ee 568->583 569->568 572 7ff60860b0eb-7ff60860b0ed 569->572 572->568 576 7ff60860b0ef-7ff60860b105 572->576 576->568 580 7ff60860b107-7ff60860b113 576->580 580->568 585 7ff60860b115-7ff60860b117 580->585 582->583 588 7ff60860b181-7ff60860b193 GetConsoleMode 582->588 587 7ff60860b1f3-7ff60860b213 ReadFile 583->587 585->568 590 7ff60860b119-7ff60860b131 585->590 593 7ff60860b219-7ff60860b221 587->593 594 7ff60860b30d-7ff60860b316 GetLastError 587->594 588->583 595 7ff60860b195-7ff60860b19d 588->595 590->568 601 7ff60860b133-7ff60860b13f 590->601 591->565 592->596 593->594 603 7ff60860b227 593->603 598 7ff60860b318-7ff60860b32e call 7ff608604444 call 7ff608604424 594->598 599 7ff60860b333-7ff60860b336 594->599 595->587 597 7ff60860b19f-7ff60860b1c1 ReadConsoleW 595->597 600 7ff60860b1d3-7ff60860b1dd call 7ff608609e18 596->600 605 7ff60860b1e2-7ff60860b1ec 597->605 606 7ff60860b1c3 GetLastError 597->606 598->596 610 7ff60860b1c9-7ff60860b1cb call 7ff6086043b8 599->610 611 7ff60860b33c-7ff60860b33e 599->611 600->552 601->568 609 7ff60860b141-7ff60860b143 601->609 613 7ff60860b22e-7ff60860b243 603->613 605->613 606->610 609->568 618 7ff60860b145-7ff60860b155 609->618 610->596 611->600 613->600 620 7ff60860b245-7ff60860b250 613->620 618->568 623 7ff60860b277-7ff60860b27f 620->623 624 7ff60860b252-7ff60860b26b call 7ff60860ab44 620->624 626 7ff60860b2fb-7ff60860b308 call 7ff60860a984 623->626 627 7ff60860b281-7ff60860b293 623->627 630 7ff60860b270-7ff60860b272 624->630 626->630 631 7ff60860b2ee-7ff60860b2f6 627->631 632 7ff60860b295 627->632 630->600 631->600 634 7ff60860b29a-7ff60860b2a1 632->634 635 7ff60860b2dd-7ff60860b2e8 634->635 636 7ff60860b2a3-7ff60860b2a7 634->636 635->631 637 7ff60860b2a9-7ff60860b2b0 636->637 638 7ff60860b2c3 636->638 637->638 639 7ff60860b2b2-7ff60860b2b6 637->639 640 7ff60860b2c9-7ff60860b2d9 638->640 639->638 641 7ff60860b2b8-7ff60860b2c1 639->641 640->634 642 7ff60860b2db 640->642 641->640 642->631
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: 8a7ea174922ab27a82e47f0acd7f2615962b6b10b7015f8922ec8bcf0adb8b6c
                                                                                                                                                                                • Instruction ID: 7e504ce691ef2e12c1426cf0df0e75d0c6b23b06eb368415b356633400b6e74a
                                                                                                                                                                                • Opcode Fuzzy Hash: 8a7ea174922ab27a82e47f0acd7f2615962b6b10b7015f8922ec8bcf0adb8b6c
                                                                                                                                                                                • Instruction Fuzzy Hash: 1FC1C52292C78681E660DB3594402BF6B91EF81B91F778131FA4D87792DF7CE845AB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2240 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                • String ID: Unhandled exception in script
                                                                                                                                                                                • API String ID: 3081866767-2699770090
                                                                                                                                                                                • Opcode ID: fcf731bf2ceca6e070dbdbaa780c49a73cf052ed135755c936a54f607c2ce467
                                                                                                                                                                                • Instruction ID: 9f1dcd61890613e4c5e3848cad22dae1ae820f557310724eee617ae07ed545b6
                                                                                                                                                                                • Opcode Fuzzy Hash: fcf731bf2ceca6e070dbdbaa780c49a73cf052ed135755c936a54f607c2ce467
                                                                                                                                                                                • Instruction Fuzzy Hash: 56317372A19A8285EB21DF71E8551EA6360FF48788F540135FA4ECBB56DF3CD145CB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FB19C Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1452418845-0
                                                                                                                                                                                • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                • Instruction ID: 8e2fdf99a86e9435233f719f4b67b25bb97e833c1a5f7c8675abf9f09b20bb07
                                                                                                                                                                                • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                • Instruction Fuzzy Hash: B9318C11E9C103C1FE96EBB4D4553BE2391AF613A4FA54034E90ECB6D7DE2CA805924E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608604680 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279662727-0
                                                                                                                                                                                • Opcode ID: 8a464286a4aee93ad09e46d96520f5fa22b2a313ca22bba1db5411dbdbef7e96
                                                                                                                                                                                • Instruction ID: d997f9a9d01b4e5dd4744aa90bdbb9795b413966a7ff174275d91b14cddefa73
                                                                                                                                                                                • Opcode Fuzzy Hash: 8a464286a4aee93ad09e46d96520f5fa22b2a313ca22bba1db5411dbdbef7e96
                                                                                                                                                                                • Instruction Fuzzy Hash: F041B522D2878183E764DB71950037A6360FB957A8F219334F75C83AD6DF6CA5E09B0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1F70 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1956198572-0
                                                                                                                                                                                • Opcode ID: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                • Instruction ID: e679da842bab25467dcbc1ce14ae1812745cb70a61c10556aa026016c65f1ef3
                                                                                                                                                                                • Opcode Fuzzy Hash: 162ef6909b0da24e61350fefbcaa0130b5f771c4d53ef42d88aea1c24daf7f6c
                                                                                                                                                                                • Instruction Fuzzy Hash: 81110021E5855281FA93C7B9E5443B96252EF99780F689031F94987B8FCE3CD4C14208
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FF39C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                                                                                                                                                • Instruction ID: 015717555191951efec87de1f8a35c60a1ad88dcfe86b88f9650eefb959d02ac
                                                                                                                                                                                • Opcode Fuzzy Hash: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                                                                                                                                                • Instruction Fuzzy Hash: 8F51F961B4924286EBAADE35940467A6291FF54BB8F344734DE6CC7BCBCF3CD4018608
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FB0B0 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3548387204-0
                                                                                                                                                                                • Opcode ID: 4011c0cc7ad8475efb9850599936c3c033b15381ca9ef591f27f0db506bfe258
                                                                                                                                                                                • Instruction ID: 99b8c6df8be903abe5e22d21d119480133f229ee7a87c79fc06c2105897ed4bc
                                                                                                                                                                                • Opcode Fuzzy Hash: 4011c0cc7ad8475efb9850599936c3c033b15381ca9ef591f27f0db506bfe258
                                                                                                                                                                                • Instruction Fuzzy Hash: 5711CE40E9820382FE96FBB088522FA11810F70360FB50434F90DC62C3EE5CB9459A2F
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A028 Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindCloseChangeNotification.KERNEL32(?,?,?,00007FF608609EA5,?,?,00000000,00007FF608609F5A), ref: 00007FF60860A096
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF608609EA5,?,?,00000000,00007FF608609F5A), ref: 00007FF60860A0A0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1687624791-0
                                                                                                                                                                                • Opcode ID: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                                                                                                                                                • Instruction ID: ca64f16a23225db9b79ff343fb645459b71b9362912695f61e80e3c1f02576fa
                                                                                                                                                                                • Opcode Fuzzy Hash: 649148bb364a2e2bb6c01b4b98e8ba63ccdb9764b03dbbc10b4a89a301f042aa
                                                                                                                                                                                • Instruction Fuzzy Hash: 4421CF11B2C75241FE50D7B0E45427E1292AF94BE9F3A4235FA2EC77C2CE6CA445AB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608611B7C Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF608608082,?,?,00000000,00007FF608608576,?,?,?,?,00007FF608610524,?,?,00000000), ref: 00007FF608611B90
                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF608608082,?,?,00000000,00007FF608608576,?,?,?,?,00007FF608610524,?,?,00000000), ref: 00007FF608611BFA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: EnvironmentStrings$Free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3328510275-0
                                                                                                                                                                                • Opcode ID: d9d86f6fbb8791f569d27644bc3b0807fa357db287431418c1d7d921d6f8a6bf
                                                                                                                                                                                • Instruction ID: 94cbea91211843403fd357f73c81a45095384cb184559fde5f5e347145b98683
                                                                                                                                                                                • Opcode Fuzzy Hash: d9d86f6fbb8791f569d27644bc3b0807fa357db287431418c1d7d921d6f8a6bf
                                                                                                                                                                                • Instruction Fuzzy Hash: 0701A511F2976581EE10EB31B41102A7361AF55FE0B6D5630EF6D537D6DE2CE8429348
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860B604 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetFilePointerEx.KERNEL32(?,?,?,?,00000000,00007FF60860B79D), ref: 00007FF60860B650
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF60860B79D), ref: 00007FF60860B65A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileLastPointer
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2976181284-0
                                                                                                                                                                                • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                • Instruction ID: ea97186f350ad6b8c08d4f02ffc6958dfd7bdcb523da6c17ab5226ade24c21ca
                                                                                                                                                                                • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F11BF62A28B9181DA10CB35F40416AA361EB45BF4F654331FABD8B7E9CF3CD0119B08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860B37C Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                                                                                                                                                • Instruction ID: 06ba402f885750e629b71e05839bba45287b20c1c9b85c62ed67f445dd81b0c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 7edcb5c19051daea02f21c4053ec30bf8603933813fd22e9cae156a3527bc5bd
                                                                                                                                                                                • Instruction Fuzzy Hash: 0141C33292860183EA38CA35E54027A77A1EB95B61F314131E68EC77D5CF2CE502EF5D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7200 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _fread_nolock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 840049012-0
                                                                                                                                                                                • Opcode ID: d178c2b58a1e50610312ba0b955d9415aa0f7fff73eff64f957cc5af00e6b43d
                                                                                                                                                                                • Instruction ID: abbd213a9186f9ef5b7b60e061731b2be9e93e6d28661cf4ea701cf06b7c4e3d
                                                                                                                                                                                • Opcode Fuzzy Hash: d178c2b58a1e50610312ba0b955d9415aa0f7fff73eff64f957cc5af00e6b43d
                                                                                                                                                                                • Instruction Fuzzy Hash: 4221D621B4929155FEA2DB3265043FAA681BF59BC8FA94430EE0D87787CF7DE101C608
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860AE0C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: 36b0fbc90b3b462680d3b6a13c035726274d9c74de2b43bcb58660ea55cb43b3
                                                                                                                                                                                • Instruction ID: ad84810ccc2586f803a4d2336b71b0f025f9d737f3aae26b277a55a0ff7ef0ad
                                                                                                                                                                                • Opcode Fuzzy Hash: 36b0fbc90b3b462680d3b6a13c035726274d9c74de2b43bcb58660ea55cb43b3
                                                                                                                                                                                • Instruction Fuzzy Hash: 31319E21A3876281E711DBB5D80037E2690EB80B96F620135FA1D873D3CF7CA841AB1D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086054C8 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                • Instruction ID: f2e269ff24905d50b2e37935f1fe9938352448b2fe1b617fa605ff90d1d75dd3
                                                                                                                                                                                • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                • Instruction Fuzzy Hash: AF119621A2C64181EA60DF6194042BFA2A0FF84B84F664431FB4DEBB96CF7CD400AF0D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60861575C Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                                                                                                                                                • Instruction ID: 1b532bab95069edac2c42bd3947ecf0bb43aa49073b7b4fb900b92a939bf3463
                                                                                                                                                                                • Opcode Fuzzy Hash: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E215332A2864187DB61CF28E445369B6A0EBD4B94F294235F75E876D6DF3CD4009B08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FF61C Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                • Opcode ID: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                                                                                                                                                • Instruction ID: a9456f7bbfd135c1fc92845539af5a977d5296db0a0842423a68007cd1586e98
                                                                                                                                                                                • Opcode Fuzzy Hash: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                                                                                                                                                • Instruction Fuzzy Hash: 6D010422B4874241EA51DB72990106AB691FF91FE4F688630EE6C87BE7CE3CD401870C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860DD40 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF60860A8B6,?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E), ref: 00007FF60860DD95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                • Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                                                                                                                                                • Instruction ID: 64e24347fec1e45234a93b8dbb6f3b604aeaac10f9a041ab77b2c4a3470e305e
                                                                                                                                                                                • Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                                                                                                                                                • Instruction Fuzzy Hash: A7F06D54B3920A41FE95EBF699113B602805F88B80F2E9730E90EC63C2ED1CE480AB1C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860CACC Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,?,?,00007FF6085FFE44,?,?,?,00007FF608601356,?,?,?,?,?,00007FF608602949), ref: 00007FF60860CB0A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                • Opcode ID: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                                                                                                                                                • Instruction ID: 08c52eac9b23059a4b8a5fd24f979cf1c4849e5b2f98d02c14f4b5e26557d76d
                                                                                                                                                                                • Opcode Fuzzy Hash: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                                                                                                                                                • Instruction Fuzzy Hash: 42F05800B3D24245FE24DAB1581167711814F887A0F6A0730FD2ED62C2EE2CE880AA1C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F71B0 Relevance: 1.5, APIs: 1, Instructions: 20libraryCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FF6085F7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7A6A
                                                                                                                                                                                • LoadLibraryW.KERNEL32(?,?,00000000,00007FF6085F30BE), ref: 00007FF6085F71D3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2592636585-0
                                                                                                                                                                                • Opcode ID: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
                                                                                                                                                                                • Instruction ID: 4bf4298aca326f1e3eb7e54f4acbc3af62ffb36a81b766293d6a511b10a24d01
                                                                                                                                                                                • Opcode Fuzzy Hash: 63080640ee8bd5a5197bc5957a639ee791a00d05320db4a40cef4a6e5ab977c0
                                                                                                                                                                                • Instruction Fuzzy Hash: 0CE08611B2819542EE58DBB7A50646AA252EF4CBC0B689035EF4E47B56DD2DD8904A08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                Function 00007FFDFAD7C168 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 224COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: iswdigit$btowclocaleconv
                                                                                                                                                                                • String ID: 0$0
                                                                                                                                                                                • API String ID: 240710166-203156872
                                                                                                                                                                                • Opcode ID: 675d41be0cf00d75d1ada4b196895601b11434e5614c0700cf96937b96f68ccb
                                                                                                                                                                                • Instruction ID: 0125eede9828690e0f62e8045b00f5dd0292511ac146a293f904b3485bd08ffb
                                                                                                                                                                                • Opcode Fuzzy Hash: 675d41be0cf00d75d1ada4b196895601b11434e5614c0700cf96937b96f68ccb
                                                                                                                                                                                • Instruction Fuzzy Hash: E781F672B085468AE72D8F25EC6067A72A1FB94789F444175DEAA472D8FF3CE846C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7AD8C Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 247COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memchr$isdigit$localeconv
                                                                                                                                                                                • String ID: 0$0123456789abcdefABCDEF
                                                                                                                                                                                • API String ID: 1981154758-1185640306
                                                                                                                                                                                • Opcode ID: 8ffd2bf09e8c44253b517b58556117e687359a4e00e140930174a96cdfc84e8b
                                                                                                                                                                                • Instruction ID: ca2b6706029950cbf53705c8deab7e2cb15bb8ea258f3b36f023889c602155d5
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ffd2bf09e8c44253b517b58556117e687359a4e00e140930174a96cdfc84e8b
                                                                                                                                                                                • Instruction Fuzzy Hash: D8915F72B1955646F72D8B10EC70B7A7B90FB49B48F489074DEAA436D9EA3CE807C740
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAC23058 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909503557.00007FFDFAC21000.00000040.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAC20000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909483553.00007FFDFAC20000.00000002.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAC82000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACCE000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACD1000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACD6000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD30000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD33000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD35000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD38000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909825323.00007FFDFAD39000.00000080.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909852280.00007FFDFAD3B000.00000004.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfac20000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: 00007A4519ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3282304195-0
                                                                                                                                                                                • Opcode ID: d5821aaf4936ad9aa18e348792a4e6496cc638c229f42c96d8f2983ca85ed40f
                                                                                                                                                                                • Instruction ID: db7f52838715b0c87732919477350be84fecfa495ef2b019adada5fd61fa9ae0
                                                                                                                                                                                • Opcode Fuzzy Hash: d5821aaf4936ad9aa18e348792a4e6496cc638c229f42c96d8f2983ca85ed40f
                                                                                                                                                                                • Instruction Fuzzy Hash: 75313C76709A8585EB648F60E860BEE73A4FB84744F48407ADA5E47BD8DF3CD648C710
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F6780 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetTempPathW.KERNEL32(?,00000000,?,00007FF6085F674D), ref: 00007FF6085F681A
                                                                                                                                                                                  • Part of subcall function 00007FF6085F6990: GetEnvironmentVariableW.KERNEL32(00007FF6085F36E7), ref: 00007FF6085F69CA
                                                                                                                                                                                  • Part of subcall function 00007FF6085F6990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6085F69E7
                                                                                                                                                                                  • Part of subcall function 00007FF6086066B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6086066CD
                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF6085F68D1
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2770: MessageBoxW.USER32 ref: 00007FF6085F2841
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                • API String ID: 3752271684-1116378104
                                                                                                                                                                                • Opcode ID: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
                                                                                                                                                                                • Instruction ID: d5a4453c48f5715f48afe8fee4234818bd9b7235a3093ce652e7ebfb3926e55b
                                                                                                                                                                                • Opcode Fuzzy Hash: b4ad522e37175ac7074a900ecec4c645a4870e05ba81b0992846085732047fb7
                                                                                                                                                                                • Instruction Fuzzy Hash: 3351DE11F6D64240FEA6EB7299152BA52829F69BC0F654034FD0EC7B97ED2DE801970C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7C860 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 239COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: iswdigit$localeconv
                                                                                                                                                                                • String ID: 0$0$0123456789abcdefABCDEF
                                                                                                                                                                                • API String ID: 2634821343-613610638
                                                                                                                                                                                • Opcode ID: 78cd8ec09c4991f5f264e133ff1335a78946f8737c3c90b61b8a033288d857bc
                                                                                                                                                                                • Instruction ID: c55b6d9b5746a45bcb98468e08e4ed280bdcf02cc1b106648f5dc96b2c0b85d0
                                                                                                                                                                                • Opcode Fuzzy Hash: 78cd8ec09c4991f5f264e133ff1335a78946f8737c3c90b61b8a033288d857bc
                                                                                                                                                                                • Instruction Fuzzy Hash: C8812962F085564AEB7D8F24EC20B7976A0FB44B85F089171DE9A476C8FB3CE946C740
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4A260 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 110COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$CloseFileFirst_invalid_parameter_noinfo_noreturnwcscpy_s
                                                                                                                                                                                • String ID: .$.
                                                                                                                                                                                • API String ID: 1484651601-3769392785
                                                                                                                                                                                • Opcode ID: a10e51b339d71574b24b37aa3cd3842c161a31a0e57b787af513ff17105fdf32
                                                                                                                                                                                • Instruction ID: c709200261aabcff963e0bce20492839e7487eaaa499bf59f852e3c1c5f6d1f1
                                                                                                                                                                                • Opcode Fuzzy Hash: a10e51b339d71574b24b37aa3cd3842c161a31a0e57b787af513ff17105fdf32
                                                                                                                                                                                • Instruction Fuzzy Hash: 5441CC22B2864281EB289FA5EC54A696360FB857A4F504231DF7D076E8FF7CD584C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FB69C Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                                                                • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                • Instruction ID: 2d7dcdc9a7a9cd267ec232a58db3bc1dc9526f5f77ed2ef46b38e58a8fb3b243
                                                                                                                                                                                • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                • Instruction Fuzzy Hash: A9316E72619A8186EBA1CFB0E8803ED7360FB94754F544439DA4D87B99DF3CC548C704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608614E20 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF608614E65
                                                                                                                                                                                  • Part of subcall function 00007FF6086147B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6086147CC
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: HeapFree.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E2E
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: GetLastError.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E38
                                                                                                                                                                                  • Part of subcall function 00007FF608609DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF608609DAF,?,?,?,?,?,00007FF6086021EC), ref: 00007FF608609DD9
                                                                                                                                                                                  • Part of subcall function 00007FF608609DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF608609DAF,?,?,?,?,?,00007FF6086021EC), ref: 00007FF608609DFE
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF608614E54
                                                                                                                                                                                  • Part of subcall function 00007FF608614818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60861482C
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150CA
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150DB
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150EC
                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF60861532C), ref: 00007FF608615113
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4070488512-0
                                                                                                                                                                                • Opcode ID: ba682b9d28aceaa82b71a2e62c51a8dc3a393592f1845cf9d57767218ab0a02b
                                                                                                                                                                                • Instruction ID: 4007b483e0f8854a000a216607d03ecdbd995aef0ef6b4675f25da1e28e8776d
                                                                                                                                                                                • Opcode Fuzzy Hash: ba682b9d28aceaa82b71a2e62c51a8dc3a393592f1845cf9d57767218ab0a02b
                                                                                                                                                                                • Instruction Fuzzy Hash: 3AD1C326E2825286EB20DF31D4415B96792FF84B94F6A4035FA4DC7686DF3CE841A748
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608609AE4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                                • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                • Instruction ID: 734d3bd2048168b24acc606fd27fb8bcfe05f0f7cd3041637ae3ec4934c787b0
                                                                                                                                                                                • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                • Instruction Fuzzy Hash: B8317132618B8186DB60CF75E8403AE73A5FB89764F650135EA8D83B9ADF3CC545CB04
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086109B4 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2227656907-0
                                                                                                                                                                                • Opcode ID: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                                                                                                                                                • Instruction ID: 7366ec89cd8406478fab083bc95ab2480a41ed247062c92bea136b2994fdf8e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                                                                                                                                                • Instruction Fuzzy Hash: A3B1D622B39A9641EE60DB31D4002BA6391EF44BE4F694131FE4D87BC6DE3CE481D709
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAE4EEC0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 358COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: 00007A4519
                                                                                                                                                                                • String ID: database schema is locked: %s$out of memory$statement too long
                                                                                                                                                                                • API String ID: 817585512-1046679716
                                                                                                                                                                                • Opcode ID: 44ec7639c865cea51ae928aab1090ffee0e748b1dd5f4350f795b8f852689883
                                                                                                                                                                                • Instruction ID: a094823dbad67092d0705fdf8bd8e73d8742f9bb5d8d28216e4b705dcce6a99f
                                                                                                                                                                                • Opcode Fuzzy Hash: 44ec7639c865cea51ae928aab1090ffee0e748b1dd5f4350f795b8f852689883
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AF17326B0868386FB2CAB219420BFA6B95FB85F84F044175DE6E077D9DF7DE9418310
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60861509C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150CA
                                                                                                                                                                                  • Part of subcall function 00007FF608614818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF60861482C
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150DB
                                                                                                                                                                                  • Part of subcall function 00007FF6086147B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6086147CC
                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF6086150EC
                                                                                                                                                                                  • Part of subcall function 00007FF6086147E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6086147FC
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: HeapFree.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E2E
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: GetLastError.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E38
                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF60861532C), ref: 00007FF608615113
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3458911817-0
                                                                                                                                                                                • Opcode ID: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
                                                                                                                                                                                • Instruction ID: 2cd7ef39c7543f9f3274b8a3f703b3a6a6692fdd6485496c18f1d2b3eebc5ce0
                                                                                                                                                                                • Opcode Fuzzy Hash: 8dda7e1bb43cce3069c61b2343a9d469707a009ccb87a98b23344d3931a91aef
                                                                                                                                                                                • Instruction Fuzzy Hash: BA51A732A2864286EB50DF31D9815A9B761FF88784F664136FB4DC3697DF3CE8009748
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD5290C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                • String ID: !x-sys-default-locale
                                                                                                                                                                                • API String ID: 4235545615-2729719199
                                                                                                                                                                                • Opcode ID: d9d753691e561dd40b8b0b4b10698939aa98df35f811bcea15b1cb09e8e6541f
                                                                                                                                                                                • Instruction ID: ce79b3a9cbeb70a0358392ce48ad74ade6bc234b95cb26733f65f6feddc58875
                                                                                                                                                                                • Opcode Fuzzy Hash: d9d753691e561dd40b8b0b4b10698939aa98df35f811bcea15b1cb09e8e6541f
                                                                                                                                                                                • Instruction Fuzzy Hash: 27018072B1878186E7188B11F850BA9A7A1F788798F444175E65D03BD8DF3CD445CB00
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4A6F0 Relevance: 3.1, APIs: 2, Instructions: 100COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DiskFreeSpace_invalid_parameter_noinfo_noreturnmemmove
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3985054636-0
                                                                                                                                                                                • Opcode ID: c0802755806167d0a567caa2ebf5608b7605058f7d95d5f541a63b9c2708821e
                                                                                                                                                                                • Instruction ID: e3310459693cb3708628ad585e906a0e967befdc6ad241b7d9da1380b7660bbc
                                                                                                                                                                                • Opcode Fuzzy Hash: c0802755806167d0a567caa2ebf5608b7605058f7d95d5f541a63b9c2708821e
                                                                                                                                                                                • Instruction Fuzzy Hash: 0D415B62F10B4288FB04DFA5D8506EC2775FB58BA8F644625CE6D23A98EF38D191C340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD6F7C0 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InfoLocale___lc_locale_name_func
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3366915261-0
                                                                                                                                                                                • Opcode ID: eb4ee231be5e3682b71e23355f387361bea8c3833c28dda8fb497c2550fd30a6
                                                                                                                                                                                • Instruction ID: 8fa6031db2fee881e97b37ad35eec6e012a3cfb16536113976d6032d165be12a
                                                                                                                                                                                • Opcode Fuzzy Hash: eb4ee231be5e3682b71e23355f387361bea8c3833c28dda8fb497c2550fd30a6
                                                                                                                                                                                • Instruction Fuzzy Hash: 66F082B2F2C44682E36C4B54D879FB91360EF48305F4402B1D11B433D8EF5CD9448711
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F3DF0 Relevance: 291.0, APIs: 55, Strings: 111, Instructions: 457libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc
                                                                                                                                                                                • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                • API String ID: 190572456-3109299426
                                                                                                                                                                                • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                • Instruction ID: 0fc9cf13d9ecdc6eb82b35813161e3c7e6a07ce7b6b18cb63b19c03b703e851f
                                                                                                                                                                                • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                • Instruction Fuzzy Hash: 0E420C64A6EF0790FE86DB34E8401B42361AF18795FBA5131E90D86366FF7CA558E308
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F55D0 Relevance: 166.5, APIs: 31, Strings: 64, Instructions: 287libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                • API String ID: 2238633743-1453502826
                                                                                                                                                                                • Opcode ID: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                                                                                                                                                • Instruction ID: d40631a09e23d4d5bfdd39b3926e8aab2a9e6a8b088eafc8853d89db64e4dffc
                                                                                                                                                                                • Opcode Fuzzy Hash: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                                                                                                                                                • Instruction Fuzzy Hash: B0E12264AADF1385FE86CB74A85007823A5AF14782FB95135E44D863A6FF7CF548B308
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F1440 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 133COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                • API String ID: 0-666925554
                                                                                                                                                                                • Opcode ID: 2319680b6c4a6749105ed56ee7c4451faca62c16be5f0453ebf863ea36a821a9
                                                                                                                                                                                • Instruction ID: a313aab8d840de24918739205e1b42cd2822288beceecf30b8258625eaaece41
                                                                                                                                                                                • Opcode Fuzzy Hash: 2319680b6c4a6749105ed56ee7c4451faca62c16be5f0453ebf863ea36a821a9
                                                                                                                                                                                • Instruction Fuzzy Hash: 2D51EE61B99A4281FEA3DB71E4046B973A0AF60BD4F654031EE0DC7B97EE3CE1459708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F78A0 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 91COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                • API String ID: 4998090-2855260032
                                                                                                                                                                                • Opcode ID: 55e3b676a07cc09a0db9b4f4b3898182c4bc191d165c9b05f9f362aab715b31c
                                                                                                                                                                                • Instruction ID: e131f6ce723267b29565f7594fb3a6dd47a428c811871864fac6ad324eac800d
                                                                                                                                                                                • Opcode Fuzzy Hash: 55e3b676a07cc09a0db9b4f4b3898182c4bc191d165c9b05f9f362aab715b31c
                                                                                                                                                                                • Instruction Fuzzy Hash: A541913166CA8282EB51DF70E4446AA7361FB847A5F640231FA9EC76D6DF3CD404CB04
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD42740 Relevance: 18.2, APIs: 12, Instructions: 240COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$__strncntfreemalloc$CompareInfoString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3420081407-0
                                                                                                                                                                                • Opcode ID: ae6754b1e32edfa24d3313de9b8267b1459166d14aa2099054040424592eb6db
                                                                                                                                                                                • Instruction ID: e506a5706e6330938db7055238143aac4c794e5b1c16653da7e565a384de9077
                                                                                                                                                                                • Opcode Fuzzy Hash: ae6754b1e32edfa24d3313de9b8267b1459166d14aa2099054040424592eb6db
                                                                                                                                                                                • Instruction Fuzzy Hash: 56A18362B0878346EB398B259860BB966A1EF44BA8F484671DD7D077C8FF7DE6458300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAE47FE0 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 376COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: %s.%s$_init$error during initialization: %s$lib$no entry point [%s] in shared library [%s]$not authorized$sqlite3_$sqlite3_extension_init$unable to open shared library [%.*s]
                                                                                                                                                                                • API String ID: 0-3733955532
                                                                                                                                                                                • Opcode ID: d2f46be82827469df45adbb959eb7c436cd3e527f22a37c0eb4f76c0526f5bb0
                                                                                                                                                                                • Instruction ID: 0fed7da60a9fe8aa29ff29a6a6d27c1d4e716781d8f3b0a3cc4c2ed3b1f96903
                                                                                                                                                                                • Opcode Fuzzy Hash: d2f46be82827469df45adbb959eb7c436cd3e527f22a37c0eb4f76c0526f5bb0
                                                                                                                                                                                • Instruction Fuzzy Hash: 9CF1D465B09A8381EB2DAB11A874A7923A8FF45B91F0446B5DE6F0B7D8DF3DF5048340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD57234 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 66COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDFAD5AFBE), ref: 00007FFDFAD5727F
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDFAD5AFBE), ref: 00007FFDFAD5729F
                                                                                                                                                                                • _Maklocstr.LIBCPMT ref: 00007FFDFAD572B9
                                                                                                                                                                                • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDFAD5AFBE), ref: 00007FFDFAD572C2
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDFAD5AFBE), ref: 00007FFDFAD572E2
                                                                                                                                                                                • _Maklocstr.LIBCPMT ref: 00007FFDFAD572FC
                                                                                                                                                                                • _Maklocstr.LIBCPMT ref: 00007FFDFAD57311
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E52
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E78
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: memmove.VCRUNTIME140(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E90
                                                                                                                                                                                Strings
                                                                                                                                                                                • :AM:am:PM:pm, xrefs: 00007FFDFAD5730A
                                                                                                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFDFAD572EC
                                                                                                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFDFAD572A9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Maklocstrfree$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                                                                                                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                • API String ID: 269533641-35662545
                                                                                                                                                                                • Opcode ID: 62edf4bba3b03a15a430924af4aa3ed2de7202f45963c9a1cff218247a87cca2
                                                                                                                                                                                • Instruction ID: c5db9bc1546a4e53de9251c2185b87f5aed86a7c1da1d33e8662dda6c74ea730
                                                                                                                                                                                • Opcode Fuzzy Hash: 62edf4bba3b03a15a430924af4aa3ed2de7202f45963c9a1cff218247a87cca2
                                                                                                                                                                                • Instruction Fuzzy Hash: 84316F22B04B8686E704DF21EC606A937A5FB88F84F498175EE5D4379AEF3CE145C340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAC22730 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909503557.00007FFDFAC21000.00000040.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAC20000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909483553.00007FFDFAC20000.00000002.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAC82000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACCE000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACD1000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACD6000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD30000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD33000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD35000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD38000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909825323.00007FFDFAD39000.00000080.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909852280.00007FFDFAD3B000.00000004.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfac20000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 349153199-0
                                                                                                                                                                                • Opcode ID: 74500b153c96f0221fa29d84efc315b6a303cfbaf9f65e8125c58e8cb1c829c3
                                                                                                                                                                                • Instruction ID: 6e0e24ffda33ce99e0538c810736be80c825e3934a333be12ea8ae204ff07b4c
                                                                                                                                                                                • Opcode Fuzzy Hash: 74500b153c96f0221fa29d84efc315b6a303cfbaf9f65e8125c58e8cb1c829c3
                                                                                                                                                                                • Instruction Fuzzy Hash: FD81CE29F0C34786F76CAB659861ABD22D0AF45B80F5C40B5DD6C877DEDE3CE8458600
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD42B70 Relevance: 16.7, APIs: 11, Instructions: 200COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiStringWide$freemalloc$__strncnt
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1733283546-0
                                                                                                                                                                                • Opcode ID: 29b45a61ba910ee357509a956a4eb2d7a8d685d8fd4b49777128a777d279a2c0
                                                                                                                                                                                • Instruction ID: 1200fc0be5ea937132e65113fee6866efff2fc9da67dfccc6e13d4e6f85602ff
                                                                                                                                                                                • Opcode Fuzzy Hash: 29b45a61ba910ee357509a956a4eb2d7a8d685d8fd4b49777128a777d279a2c0
                                                                                                                                                                                • Instruction Fuzzy Hash: 1281823270874286EB288F11E860B7966A5FF44BA8F144275EE6E17BDCEF3DD5058700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD79E60 Relevance: 16.7, APIs: 11, Instructions: 168COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xp_setw$Xp_setn$Xp_addx$Stofltisspaceisxdigit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3166507417-0
                                                                                                                                                                                • Opcode ID: 7614d3da465ed879034165200717de48619cb868e7b308d802a8d15ec46bea41
                                                                                                                                                                                • Instruction ID: 8dd1213572bba341fe29846725320343b7b94189289a46f0d663e9169753372a
                                                                                                                                                                                • Opcode Fuzzy Hash: 7614d3da465ed879034165200717de48619cb868e7b308d802a8d15ec46bea41
                                                                                                                                                                                • Instruction Fuzzy Hash: 7161B526F0854289E71CDAA1ECA19FD2721EF54748F504676DD2D676DDFE38E50B8300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAE0ECF0 Relevance: 16.2, APIs: 1, Strings: 8, Instructions: 487COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: 00007A4519
                                                                                                                                                                                • String ID: cannot open %s column for writing$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$foreign key$indexed$no such column: "%s"$out of memory
                                                                                                                                                                                • API String ID: 817585512-554953066
                                                                                                                                                                                • Opcode ID: 54faf4973ca11ab3024135339b64610ac0f0b4d3a896c7bf5f98fadd34321a1b
                                                                                                                                                                                • Instruction ID: 23f8e91f006b3c978cc23690295cd38349d7002c05f0bf62e576a88f5706769a
                                                                                                                                                                                • Opcode Fuzzy Hash: 54faf4973ca11ab3024135339b64610ac0f0b4d3a896c7bf5f98fadd34321a1b
                                                                                                                                                                                • Instruction Fuzzy Hash: 6C32BF32B08B9186EB58EF25D460ABD37A4FB44B84F488175DEAE47799DF39D460C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD8A390 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 229COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 2003779279-1866435925
                                                                                                                                                                                • Opcode ID: 2227efcae9d0e6af197ea29d917050509b4ebd77e24b09e581721c7a012791ef
                                                                                                                                                                                • Instruction ID: 2018a66fc3474b419d5a76a339da286d7d89f33e6e96c5392b68d5fb28e90ec7
                                                                                                                                                                                • Opcode Fuzzy Hash: 2227efcae9d0e6af197ea29d917050509b4ebd77e24b09e581721c7a012791ef
                                                                                                                                                                                • Instruction Fuzzy Hash: 6A91CF62719A4681EF2C8B09D8A1BB96760FF44F84F4980B6CA5D077F9EF2DE546C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F74B0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00007FF6085F26A0), ref: 00007FF6085F74D7
                                                                                                                                                                                • FormatMessageW.KERNEL32(00000000,00007FF6085F26A0), ref: 00007FF6085F7506
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 00007FF6085F755C
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                • API String ID: 2920928814-2573406579
                                                                                                                                                                                • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                • Instruction ID: b78a422c186a0a6d0808c4859a6e8885a75049ba2460705f08ea72a8b3446a54
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                • Instruction Fuzzy Hash: EC216571B68A4282EB61DF31F84427A7361FF58385FA80035E54DC26A6EF7CE505D708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7BF10 Relevance: 15.2, APIs: 10, Instructions: 167COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xp_setw$Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3781602613-0
                                                                                                                                                                                • Opcode ID: dc46e7610e5210443378bd53578bf1b863b03e0484ce0f06e06cc9b54d7e5273
                                                                                                                                                                                • Instruction ID: fedf8cadd80f601ebdfec4a1e37e04e2814df89d072c4200000831b0c90a2749
                                                                                                                                                                                • Opcode Fuzzy Hash: dc46e7610e5210443378bd53578bf1b863b03e0484ce0f06e06cc9b54d7e5273
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A61B722F0854289E718DEA1EC61AFD2361EF54788F504276DD2D676DDFE38E94B8700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608600228 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                                                                • API String ID: 3215553584-1325933183
                                                                                                                                                                                • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                • Instruction ID: 1b2e33b6d772936f5b98770d139f041584167a12f10c36fa2dca58ff7d2d8c80
                                                                                                                                                                                • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                • Instruction Fuzzy Hash: 2C12C661E2C94386FB24DA34E05477B7292FB80750FA54035F6998A6C4DF3CE980AF4E
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7AB90 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 148COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                • String ID: 0$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                • API String ID: 3508154992-2692187688
                                                                                                                                                                                • Opcode ID: e84a17e9067486d482f975e8aaaff67d3a669275ca7f44114c81e2e124404ac0
                                                                                                                                                                                • Instruction ID: 34f0d1e4e39d1affaa012022211a7123121155b60c92348f5687f466240a38bf
                                                                                                                                                                                • Opcode Fuzzy Hash: e84a17e9067486d482f975e8aaaff67d3a669275ca7f44114c81e2e124404ac0
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F51E616B1D6C656EB6D8A24BC24B796690EB45B94F4840B0CDBD073EDFE3CE8438300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFADDECE0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 135COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: new[]
                                                                                                                                                                                • String ID: %s%c%s$:$:$?$\$winFullPathname1$winFullPathname2
                                                                                                                                                                                • API String ID: 4059295235-3840279414
                                                                                                                                                                                • Opcode ID: ad8a9bc280a905af773bd8c5b98fdee6b4ffee7ccddd73f9ca9024f630f4d204
                                                                                                                                                                                • Instruction ID: 2c73d2f8208326c64b3e2846250d3ac13c63b671826d9ba06272c5209f95715d
                                                                                                                                                                                • Opcode Fuzzy Hash: ad8a9bc280a905af773bd8c5b98fdee6b4ffee7ccddd73f9ca9024f630f4d204
                                                                                                                                                                                • Instruction Fuzzy Hash: D151C021F0C28685FB5DAB619C20E7A6791EF84F88F4800B5ED6E472CEEE3CE4458340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F6FD0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 90processsynchronizationCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                • API String ID: 2895956056-3524285272
                                                                                                                                                                                • Opcode ID: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                                                                                                                                                • Instruction ID: 28c9877cda981ff165983da0fe0ab213daaa243e93b3434c57a75014a5b2ac49
                                                                                                                                                                                • Opcode Fuzzy Hash: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                                                                                                                                                • Instruction Fuzzy Hash: F5413232A1878282DA20DB70F4452AAB3A0FB95364F610335F6AD83BE6DF7CD0549B44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD46BF0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 73COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 1099746521-1866435925
                                                                                                                                                                                • Opcode ID: af160acd5e441be7086a0e8941e1632666f7da2f1e6a3c5643d2ffc90f23ec5a
                                                                                                                                                                                • Instruction ID: 5b23586e1212e2967358c50c2dc5b2e4d13d39e91e9c58c9aec823d339743f63
                                                                                                                                                                                • Opcode Fuzzy Hash: af160acd5e441be7086a0e8941e1632666f7da2f1e6a3c5643d2ffc90f23ec5a
                                                                                                                                                                                • Instruction Fuzzy Hash: 8621AD52B1950795EB1C9B00DCA2BF96321EF54744F9840B5DA2E435EEFE2DE746C340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7CB80 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                                                                • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                • API String ID: 667068680-1247241052
                                                                                                                                                                                • Opcode ID: 13baef0a9c35b60b7d25fcbaa8944591bb860994d45b5ebb1ea4c3dc7efdbbb7
                                                                                                                                                                                • Instruction ID: ed2f2c41bad779fea781a6b3d45c2650f04d224cf84099f678de601f07d18273
                                                                                                                                                                                • Opcode Fuzzy Hash: 13baef0a9c35b60b7d25fcbaa8944591bb860994d45b5ebb1ea4c3dc7efdbbb7
                                                                                                                                                                                • Instruction Fuzzy Hash: C6F0DA25B0AA0B81EB089B51FC6497463A5FF4CB85B8501B1C86D073ADFF7DE1558300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FDC30 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                                                                • Opcode ID: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                                                                                                                                                • Instruction ID: 0cea1a786cf1fc84a447c306f9712dd7b2e75c41059ebba556d3b4f40df2f8d0
                                                                                                                                                                                • Opcode Fuzzy Hash: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                                                                                                                                                • Instruction Fuzzy Hash: 27E1A072A487458AEBA1DF35D4412AD7BB4FB64798F200535EE8D87B9ACF38E580C704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD8A110 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 171COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 2003779279-1866435925
                                                                                                                                                                                • Opcode ID: 5b66209db9d6c797f4d5b902197922427584ce6d3cbad92c85f8e4b7adeae963
                                                                                                                                                                                • Instruction ID: 773216feba06e85e528cbe3a8f59e3548c09c81c0ff0fe8a24df7ff09370202f
                                                                                                                                                                                • Opcode Fuzzy Hash: 5b66209db9d6c797f4d5b902197922427584ce6d3cbad92c85f8e4b7adeae963
                                                                                                                                                                                • Instruction Fuzzy Hash: E861AE22719A4685EB2C8B05D8A0BB96760FB44F88F498076CA5D477FDEF2DD546C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD54670 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 166fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrowfputwcfwritestd::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 1428583292-1866435925
                                                                                                                                                                                • Opcode ID: 40e122d1eb6c619ae9fd2513e83b89d36970957728f2e3ce6402d8aff782df6f
                                                                                                                                                                                • Instruction ID: 2b8a68b41735b7ca38a44cb63e17e2ddeb5c50499a9a533790b8c861cd2eb6bc
                                                                                                                                                                                • Opcode Fuzzy Hash: 40e122d1eb6c619ae9fd2513e83b89d36970957728f2e3ce6402d8aff782df6f
                                                                                                                                                                                • Instruction Fuzzy Hash: 9861CE73719A8289EB18CF25D8A07ED37A1FB44B88F844072EA6D47798EF78E555C340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD89EB0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 160COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • std::ios_base::failure::failure.LIBCPMT ref: 00007FFDFAD8A0A3
                                                                                                                                                                                • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFAD7CDF4), ref: 00007FFDFAD8A0B4
                                                                                                                                                                                • std::ios_base::failure::failure.LIBCPMT ref: 00007FFDFAD8A0F7
                                                                                                                                                                                • _CxxThrowException.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFAD7CDF4), ref: 00007FFDFAD8A108
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 2003779279-1866435925
                                                                                                                                                                                • Opcode ID: ebbc2a5478cee6f8778e80d9982c0746574b97d60a397e05c047a50b96c07997
                                                                                                                                                                                • Instruction ID: ef18bdf0f2e33464df9a22ea625b6c035be833e0ad46fc8ddc512634f47cc8c8
                                                                                                                                                                                • Opcode Fuzzy Hash: ebbc2a5478cee6f8778e80d9982c0746574b97d60a397e05c047a50b96c07997
                                                                                                                                                                                • Instruction Fuzzy Hash: 0761B126709A4685EB2C8B15D8A0BB92760FB44F88F498076DA5D4B3FCEF2DD506C340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7A980 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 152COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memchrtolower$_errnoisspace
                                                                                                                                                                                • String ID: 0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                • API String ID: 3508154992-4256519037
                                                                                                                                                                                • Opcode ID: a0c686a5baf08d4acddedc7c0e7e42a05840db6d0ff94e3deec8c41a47245bbc
                                                                                                                                                                                • Instruction ID: af2d046a1fd9fc36320be37e041f6b2e792d7823b2bea2b151fe113c7d3239c7
                                                                                                                                                                                • Opcode Fuzzy Hash: a0c686a5baf08d4acddedc7c0e7e42a05840db6d0ff94e3deec8c41a47245bbc
                                                                                                                                                                                • Instruction Fuzzy Hash: 8351E312B1C68646E76E8A25BD24B797690EB44B58F4940B4CDAD436ECFE3CE9438700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4B1B0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 144COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 2003779279-1866435925
                                                                                                                                                                                • Opcode ID: 2cb5299fb653258e06c3c80e7ecfec450cb6b10a9ee53deec34d22b21f38cb89
                                                                                                                                                                                • Instruction ID: 4c4df2b1085351b8d612c285e7ea5a9cbccdb26bb2bd238fce3685b8d5373bd8
                                                                                                                                                                                • Opcode Fuzzy Hash: 2cb5299fb653258e06c3c80e7ecfec450cb6b10a9ee53deec34d22b21f38cb89
                                                                                                                                                                                • Instruction Fuzzy Hash: 8151C122B09A4A81EB18DB19D8A0BBD6760FB54B88F544171CE6D436FDEF3DD645C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860DDB8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,00000000,?,00007FF60860E152,?,?,0000020AA1CC69E8,00007FF60860A223,?,?,?,00007FF60860A11A,?,?,?,00007FF608605472), ref: 00007FF60860DF34
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000,?,00007FF60860E152,?,?,0000020AA1CC69E8,00007FF60860A223,?,?,?,00007FF60860A11A,?,?,?,00007FF608605472), ref: 00007FF60860DF40
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                                                                                • Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                • Instruction ID: ea1c6078d1c0c3d35cbac94f93dff1db207aa7528d9eec9e9c6e916cb1aae6b4
                                                                                                                                                                                • Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                • Instruction Fuzzy Hash: E0412821B3AA1241FA56CB72A8005762392BF54BA0F6A4335ED0DC7795EF3CE845E70C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7600 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 103COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F769F
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F76EF
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                • API String ID: 626452242-27947307
                                                                                                                                                                                • Opcode ID: 21fad801926b791878e271a166df8a9fc687d08dd881ca133a5a243dc5b2fb66
                                                                                                                                                                                • Instruction ID: fab08154c17353650a542dabf05a6be640387d6bbe5cb9353c677a049eb331de
                                                                                                                                                                                • Opcode Fuzzy Hash: 21fad801926b791878e271a166df8a9fc687d08dd881ca133a5a243dc5b2fb66
                                                                                                                                                                                • Instruction Fuzzy Hash: 5441F432A1EBC281EA61CF21F44016AB7A4FB98790F684034EE8D83B96DF3CD055D708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7208C Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 66COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD720D7
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD720F7
                                                                                                                                                                                • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD7211A
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD7213A
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E52
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E78
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: memmove.VCRUNTIME140(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E90
                                                                                                                                                                                Strings
                                                                                                                                                                                • :AM:am:PM:pm, xrefs: 00007FFDFAD72162
                                                                                                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFDFAD72144
                                                                                                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFDFAD72101
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                                                                                                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                • API String ID: 2607222871-35662545
                                                                                                                                                                                • Opcode ID: 01302af47c945f3a6745589a6f638aa7e98c5d90e698408ec6ee8f6997233775
                                                                                                                                                                                • Instruction ID: 245e3b832630806356cee077a0f4c3069ccdb3ca390d5c09a05d0b34e741876b
                                                                                                                                                                                • Opcode Fuzzy Hash: 01302af47c945f3a6745589a6f638aa7e98c5d90e698408ec6ee8f6997233775
                                                                                                                                                                                • Instruction Fuzzy Hash: 88316B26B05B8686E708DF21EC606A837A5FB89F84F4981B1DE6D43799EF3CE145C340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7B40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 63COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF6085F3699), ref: 00007FF6085F7B81
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,00007FF6085F3699), ref: 00007FF6085F7BF5
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                • API String ID: 3723044601-27947307
                                                                                                                                                                                • Opcode ID: bd1dbe9bdc4e325520a389bb739d5baca1f56465b0b7a014c0b5d934fc12bc42
                                                                                                                                                                                • Instruction ID: ef9ad1c160a68e09faee81800b303181f9138ad0541f053d4219a86095e4832b
                                                                                                                                                                                • Opcode Fuzzy Hash: bd1dbe9bdc4e325520a389bb739d5baca1f56465b0b7a014c0b5d934fc12bc42
                                                                                                                                                                                • Instruction Fuzzy Hash: 8521BC71A58B8285EB51DF32E84007977A1EB98B84F684135EA4DC3796EFBCE541D308
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD57340 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD57382
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD573A2
                                                                                                                                                                                • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD573C0
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD573E0
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44ED9
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44F08
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: memmove.VCRUNTIME140(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44F1F
                                                                                                                                                                                Strings
                                                                                                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFDFAD573AC
                                                                                                                                                                                • :AM:am:PM:pm, xrefs: 00007FFDFAD573FA
                                                                                                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFDFAD573EA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$GetdaysGetmonths___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funcmallocmemmove
                                                                                                                                                                                • String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                • API String ID: 2607222871-3743323925
                                                                                                                                                                                • Opcode ID: 0182182458dc00e26ef34ee203b983bdf323fca83e6ac2356a4cc371ef0417c2
                                                                                                                                                                                • Instruction ID: 7d6655df29e7e023b2b164d77facaf7c5282238a078a2d05b1b515323837f9e2
                                                                                                                                                                                • Opcode Fuzzy Hash: 0182182458dc00e26ef34ee203b983bdf323fca83e6ac2356a4cc371ef0417c2
                                                                                                                                                                                • Instruction Fuzzy Hash: FD215E22B08B4686EB18DF21E8607AD73A0FB48F84F444174EA5E53799EF3CE485C740
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608609264 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID: f$p$p
                                                                                                                                                                                • API String ID: 3215553584-1995029353
                                                                                                                                                                                • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                • Instruction ID: 3538662d8efceafea380d9b53abef6413658760ec357671a7437a22d324cffc9
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                • Instruction Fuzzy Hash: EC12B462E2C14346FB24DB75D05467B7A93EB80754FAA4035F689866C6DF3CE480AF1C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD79BE0 Relevance: 10.7, APIs: 7, Instructions: 167COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xp_setn$Xp_addx$Stofltisspaceisxdigit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 578106097-0
                                                                                                                                                                                • Opcode ID: 652f53745f0b645ee40682d43b4e6d0df9c9e42910048d996081d227b39a1e95
                                                                                                                                                                                • Instruction ID: 9209caf20722797c8cbc6897be6edbc727e02a74d36f889192015c755c1c4b08
                                                                                                                                                                                • Opcode Fuzzy Hash: 652f53745f0b645ee40682d43b4e6d0df9c9e42910048d996081d227b39a1e95
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B61A42BB18A4382E759DE61F8A09EA6721FB85748F500172EE5D136DDFE3CD54B8700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7A460 Relevance: 10.7, APIs: 7, Instructions: 167COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xp_setn$Xp_addx$Stofltisspaceisxdigit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 578106097-0
                                                                                                                                                                                • Opcode ID: b6807eabb47c1ea2cf8ea0b7012c19bbdf911f3a8bfc95e017a330202ffbebb8
                                                                                                                                                                                • Instruction ID: 2a0948bf5cfe831b94bfa7f68e9b3f64de2103fd54311106dd80888e8b9a1ea6
                                                                                                                                                                                • Opcode Fuzzy Hash: b6807eabb47c1ea2cf8ea0b7012c19bbdf911f3a8bfc95e017a330202ffbebb8
                                                                                                                                                                                • Instruction Fuzzy Hash: 7A61B562B2894282E71DDE61FC609BE6720FB94744F500176EA6E176DDFE3CE54A8B00
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD52F6C Relevance: 10.6, APIs: 7, Instructions: 121threadCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentThread$xtime_get
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1104475336-0
                                                                                                                                                                                • Opcode ID: 48927d2cbe5862b91e4c8d4dce6abd7c82a200e620e4d265cab55f02c8d3a492
                                                                                                                                                                                • Instruction ID: f8994c37bca93301eac7e6dc77f906aa0df5eab3c712091683ce05e0f301e1c4
                                                                                                                                                                                • Opcode Fuzzy Hash: 48927d2cbe5862b91e4c8d4dce6abd7c82a200e620e4d265cab55f02c8d3a492
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A513132B18A468AE7289F19ECA0A7973E1FB44744F514075DB6E436E8EF7DE885C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4B99C Relevance: 10.6, APIs: 7, Instructions: 110COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4BA6C
                                                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4BA7C
                                                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4BA91
                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4BAC5
                                                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4BACF
                                                                                                                                                                                • memset.VCRUNTIME140(?,?,?,?,?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4BADF
                                                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,?,?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4BAEF
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD92FDC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45B28), ref: 00007FFDFAD92FF6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memmove$memset$_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1468981775-0
                                                                                                                                                                                • Opcode ID: fc0daf207c26f018cc984b41be90ab11e90b489ed74d46ce50184867ceed8fb3
                                                                                                                                                                                • Instruction ID: 755a69b67095fb5bd839785aba40dbfec7f7318a9ca311430b850e88ad5bc85e
                                                                                                                                                                                • Opcode Fuzzy Hash: fc0daf207c26f018cc984b41be90ab11e90b489ed74d46ce50184867ceed8fb3
                                                                                                                                                                                • Instruction Fuzzy Hash: 7041B222B09A8295EB0CDF26E8556AD6311FB44BC4F544572EE6D0BBD9EE7CD282C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD55B40 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrowsetvbufstd::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 2924853686-1866435925
                                                                                                                                                                                • Opcode ID: bf3dddf679b556ce60147bed7d97605c470422573525659f83b62b7d7a8791d9
                                                                                                                                                                                • Instruction ID: f5b102e5ec5833d5d70b1d78fe6681ca982f34e0885eab0acb2a881ff7055468
                                                                                                                                                                                • Opcode Fuzzy Hash: bf3dddf679b556ce60147bed7d97605c470422573525659f83b62b7d7a8791d9
                                                                                                                                                                                • Instruction Fuzzy Hash: C541CD72B14B4A8AEB59CF24E860BBC33A4FB14B88F444071CA5C47689EF7CE5A4C340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD64214 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 102COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFDFAD64242
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                • _Maklocstr.LIBCPMT ref: 00007FFDFAD642BB
                                                                                                                                                                                • _Maklocstr.LIBCPMT ref: 00007FFDFAD642D1
                                                                                                                                                                                • _Getvals.LIBCPMT ref: 00007FFDFAD64376
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Maklocstr$Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                                                                                                                                                • String ID: false$true
                                                                                                                                                                                • API String ID: 2626534690-2658103896
                                                                                                                                                                                • Opcode ID: de29b9df0e459909fb408eb7a61f2e6b96df3c0a5d8d1df3874eab5859ccaea4
                                                                                                                                                                                • Instruction ID: a7d1bbf455b68b79dcf025d49c22d952c93cc6c44f520398328c177ce95ff683
                                                                                                                                                                                • Opcode Fuzzy Hash: de29b9df0e459909fb408eb7a61f2e6b96df3c0a5d8d1df3874eab5859ccaea4
                                                                                                                                                                                • Instruction Fuzzy Hash: A6418B22B08B819AF714CF74E8506EC33B5FB9874CB405226EE4D27A99EF38D596C344
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7C30 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 98COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide
                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                • API String ID: 626452242-876015163
                                                                                                                                                                                • Opcode ID: 78dd3cd42577a237091530651aaab21fa63af2e06b2a2ef9cf891efa8bd054d7
                                                                                                                                                                                • Instruction ID: ed0d1ade4291c6b9a416d8154918d3e182b968d68f2bb771b9a4b410b58453b3
                                                                                                                                                                                • Opcode Fuzzy Hash: 78dd3cd42577a237091530651aaab21fa63af2e06b2a2ef9cf891efa8bd054d7
                                                                                                                                                                                • Instruction Fuzzy Hash: 0B41C332A18B8282EA61CF35B44017A67A5FB58790F794135EB4DC7BA6EF3CD412D708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F6480 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 88COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FF6085F7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7A6A
                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6085F67CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF6085F64DF
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2770: MessageBoxW.USER32 ref: 00007FF6085F2841
                                                                                                                                                                                Strings
                                                                                                                                                                                • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6085F653A
                                                                                                                                                                                • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6085F64B6
                                                                                                                                                                                • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6085F64F3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                • API String ID: 1662231829-3498232454
                                                                                                                                                                                • Opcode ID: 2dc19ef5ba30c1755b370eb24f27a07330b7d4ecbeaa7c6206d14ea3a4c7ebc1
                                                                                                                                                                                • Instruction ID: bd30f1caa939ab1c5e383f0e4f5838563c5efed7d21bd47eb1682810654a2d3a
                                                                                                                                                                                • Opcode Fuzzy Hash: 2dc19ef5ba30c1755b370eb24f27a07330b7d4ecbeaa7c6206d14ea3a4c7ebc1
                                                                                                                                                                                • Instruction Fuzzy Hash: 3031C851B6D78240FEA2E731E5553BA5291AFB87C1FA40431DA4ED27DBEE2CE5088708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FCEE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCF6D
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCF7B
                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCFA5
                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCFEB
                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF6085FD19A,?,?,?,00007FF6085FCE8C,?,?,00000001,00007FF6085FCAA9), ref: 00007FF6085FCFF7
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                • Instruction ID: 6fafeb667fc9645307eb1ddec85689804581f6b95445bdca2c49d1d4c51adf61
                                                                                                                                                                                • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                • Instruction Fuzzy Hash: DB310721B5EA5291FE93DB22A80057563D8FF58BA0F694535ED1D87382EF3CE4458708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F7A30 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 68COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7A6A
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7AF0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                • API String ID: 3723044601-876015163
                                                                                                                                                                                • Opcode ID: 4acbd98045038fd4d2c1bd21845f03b7508581de0be994fe0935300e8d9fa1b9
                                                                                                                                                                                • Instruction ID: c75601a9f19b37ef5055f890714bf15cea6029891e56852f64d7d4dff31199e9
                                                                                                                                                                                • Opcode Fuzzy Hash: 4acbd98045038fd4d2c1bd21845f03b7508581de0be994fe0935300e8d9fa1b9
                                                                                                                                                                                • Instruction Fuzzy Hash: 19218622B18A8281EF51CB39F40007AA361FF987D4F694531EB4CC3BAAEF6CD5418708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A620 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A62F
                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A644
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A665
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A692
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A6A3
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A6B4
                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F,?,?,?,00007FF608609313), ref: 00007FF60860A6CF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                • Opcode ID: ed6576f3f06a04d434ff80ad82703c5fc146c9fa0e7daa2bffcd38ab4b0a2dde
                                                                                                                                                                                • Instruction ID: cf84b062b2baf05f4a8ebf5239dadc0fe5d37e9f5b26815b503c06f2a2843be8
                                                                                                                                                                                • Opcode Fuzzy Hash: ed6576f3f06a04d434ff80ad82703c5fc146c9fa0e7daa2bffcd38ab4b0a2dde
                                                                                                                                                                                • Instruction Fuzzy Hash: 77214C20E3C72242FA58E7B1565657B62525F44BF1F360B74F83E87AD6DE2CA8006A4C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60861706C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                • Opcode ID: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                                                                                                                                                • Instruction ID: f1818fbfbf323a82460a9b6a5b487097809ce1fa28881d5884e401b4de68336b
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a41989b306c04176fbb8ce5d038fb17b2eb18ca34d01c5ff4cda60dd112554e
                                                                                                                                                                                • Instruction Fuzzy Hash: 43119621728A5186E750DB62E855325B2A1FB48FE5F690234FD5DC7795CF3CD8048748
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD791F0 Relevance: 9.2, APIs: 6, Instructions: 241COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Dunscale$_errno
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2900277114-0
                                                                                                                                                                                • Opcode ID: 5a5a35f2bf4bd0c51737681187942f7eba80b17ba0a2c60ea12387ab910f76a5
                                                                                                                                                                                • Instruction ID: 69461cc7beb222ba757838811188022957dab62de84c69f3ef750b84ab296ee3
                                                                                                                                                                                • Opcode Fuzzy Hash: 5a5a35f2bf4bd0c51737681187942f7eba80b17ba0a2c60ea12387ab910f76a5
                                                                                                                                                                                • Instruction Fuzzy Hash: DCA1D42BF18E5B85DB4DDE3498609BD2361FF16398F504271EA1A176D9FF38A0978340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD709B8 Relevance: 9.2, APIs: 6, Instructions: 241COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Dunscale$_errno
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2900277114-0
                                                                                                                                                                                • Opcode ID: 0948f93756ff3586f6f5b2ffe65ca416d79252897cc0bad644eda69b50a2a61a
                                                                                                                                                                                • Instruction ID: 8e23971727728d07d4eb016365e4a83d7752e30b621911d318bda073827f8297
                                                                                                                                                                                • Opcode Fuzzy Hash: 0948f93756ff3586f6f5b2ffe65ca416d79252897cc0bad644eda69b50a2a61a
                                                                                                                                                                                • Instruction Fuzzy Hash: 92A1CE33B086469AE71D9F2699918BC6321FF19348F544270EA2A931DDFF38B1978700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD48F60 Relevance: 9.2, APIs: 6, Instructions: 181COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: fgetc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2807381905-0
                                                                                                                                                                                • Opcode ID: 9d8c2524c03ee9a752c4a28c0e6f515765a84fc6fc3e42e3ecc1e9c46a378a8d
                                                                                                                                                                                • Instruction ID: 18f2aeb73bb743c68b14a804e46a86a1d65e0832ac189eaa5cf24e9a1eecd504
                                                                                                                                                                                • Opcode Fuzzy Hash: 9d8c2524c03ee9a752c4a28c0e6f515765a84fc6fc3e42e3ecc1e9c46a378a8d
                                                                                                                                                                                • Instruction Fuzzy Hash: 39817F37705A4299EB14CF76C8A47AC37A0FB48B98F444572EB6D43A98EF39D664C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7C420 Relevance: 9.2, APIs: 6, Instructions: 167COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3490103321-0
                                                                                                                                                                                • Opcode ID: d7a9c4414cf5917fa9b48e48c41bb22595cfcfd5d2c0a751f2c6bb3119afdc1f
                                                                                                                                                                                • Instruction ID: 3c7afb376e29986a329ecaa54100c87903f854c68a20c5bed4496570b83a2da7
                                                                                                                                                                                • Opcode Fuzzy Hash: d7a9c4414cf5917fa9b48e48c41bb22595cfcfd5d2c0a751f2c6bb3119afdc1f
                                                                                                                                                                                • Instruction Fuzzy Hash: B261B522B1854286E719DE61F8A0ABE6720FB95784F500172EE6E176DDFE3CE5478B00
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7BC90 Relevance: 9.2, APIs: 6, Instructions: 167COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xp_setn$Xp_addx$iswspaceiswxdigit
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3490103321-0
                                                                                                                                                                                • Opcode ID: dad77ecffa6a573301be877ddfaf738bad37243d2ed558edf8ea11712fc5d49e
                                                                                                                                                                                • Instruction ID: 963016c5b50b783f69d2486b812b145591122485a99c1cb59fd690253af0b17a
                                                                                                                                                                                • Opcode Fuzzy Hash: dad77ecffa6a573301be877ddfaf738bad37243d2ed558edf8ea11712fc5d49e
                                                                                                                                                                                • Instruction Fuzzy Hash: AD61D426B19A4686E759DE61F8A09FE6720FB85744F500172EE5E137CDEE3CE5078B00
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD499EC Relevance: 9.1, APIs: 6, Instructions: 114COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2016347663-0
                                                                                                                                                                                • Opcode ID: 2f22cd9b130f3cbb965c39107077552aa1a031924ab03ab3026698d6bb6a1f9d
                                                                                                                                                                                • Instruction ID: 6b7a30b185ffb1cfe8db9f54bf0c20f8a578673b2a73625034833a58e1593ec2
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f22cd9b130f3cbb965c39107077552aa1a031924ab03ab3026698d6bb6a1f9d
                                                                                                                                                                                • Instruction Fuzzy Hash: 8141246671474691EF18DB22E8156A96351EB08FE4F544A72DF7E07BD9EE3CE241C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD49F30 Relevance: 9.1, APIs: 6, Instructions: 94fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileHandle$CloseCreateInformation
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1240749428-0
                                                                                                                                                                                • Opcode ID: 8b52ad37060a0935428a6ff5c93dabb3081f27d2a8cf73efd524f74ec265c6f3
                                                                                                                                                                                • Instruction ID: 735d1fec0bf9cd82d5a6e01d7bf5a672c5a9afd85019d3a9af4ddce32367ab9b
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b52ad37060a0935428a6ff5c93dabb3081f27d2a8cf73efd524f74ec265c6f3
                                                                                                                                                                                • Instruction Fuzzy Hash: D3419D32F186428AF724CF71D860BA927A1EB587A8F414735DE6C47AD8EF38D5958700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFADF4CE0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 311COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: 00007A4519
                                                                                                                                                                                • String ID: %s at line %d of [%.10s]$a29f9949895322123f7c38fbe94c649a9d6e6c9cd0c3b41c96d694552f26b309$database corruption
                                                                                                                                                                                • API String ID: 817585512-481979681
                                                                                                                                                                                • Opcode ID: b26f41a7d5769231523cd00cde0c9b1609d3b67f94def9458fcc0f3d2f4fdadc
                                                                                                                                                                                • Instruction ID: dde13fd3198a3b97e1fefa082f1085d51d0592e03a893cbe66893777d0f6eda3
                                                                                                                                                                                • Opcode Fuzzy Hash: b26f41a7d5769231523cd00cde0c9b1609d3b67f94def9458fcc0f3d2f4fdadc
                                                                                                                                                                                • Instruction Fuzzy Hash: 4FD19D7370878686DB68CB25D864AAA77A4FB88B88F058076DF5D47798FF39D442C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A798 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A7A7
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A7DD
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A80A
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A81B
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A82C
                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF60860444D,?,?,?,?,00007FF60860DDA7,?,?,00000000,00007FF60860A8B6,?,?,?), ref: 00007FF60860A847
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                • Opcode ID: 316349ad2f9e4d801af6fd82f3a0018fe5637c1bb945f2d266a49debb0a189b0
                                                                                                                                                                                • Instruction ID: ce17395cb8733c608c37bd56f5d5612830009f037137a654a0307694d0646bdd
                                                                                                                                                                                • Opcode Fuzzy Hash: 316349ad2f9e4d801af6fd82f3a0018fe5637c1bb945f2d266a49debb0a189b0
                                                                                                                                                                                • Instruction Fuzzy Hash: AF116F20E2C76242F954D7B1654607F51525F44BF1F364774F93E87AD6DE2CA801BA0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD42F90 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFDFAD45FC6), ref: 00007FFDFAD42F99
                                                                                                                                                                                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45FC6), ref: 00007FFDFAD42FAB
                                                                                                                                                                                • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFDFAD45FC6), ref: 00007FFDFAD42FBA
                                                                                                                                                                                • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFDFAD45FC6), ref: 00007FFDFAD43020
                                                                                                                                                                                • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,00000000,00007FFDFAD45FC6), ref: 00007FFDFAD4302E
                                                                                                                                                                                • _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00007FFDFAD45FC6), ref: 00007FFDFAD43041
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __pctype_func$___lc_codepage_func___lc_locale_name_func_wcsdupcalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 490008815-0
                                                                                                                                                                                • Opcode ID: 9922e6e492ab5b3c9d5a8565ed41d10dc058db657fc5b6e03e1521a426724d49
                                                                                                                                                                                • Instruction ID: 384869da29768922d23a4d3c5a892aa3821497da80f1ec43617eebbac5a250f4
                                                                                                                                                                                • Opcode Fuzzy Hash: 9922e6e492ab5b3c9d5a8565ed41d10dc058db657fc5b6e03e1521a426724d49
                                                                                                                                                                                • Instruction Fuzzy Hash: BB212822E08B8583E7058F38D9152783760FBA9B4CF15A364CE9817266EF79E6E5C350
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FC8A8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                • String ID: csm$f
                                                                                                                                                                                • API String ID: 2395640692-629598281
                                                                                                                                                                                • Opcode ID: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                                                                                                                                                • Instruction ID: ac216b1f0aa7e75a637b297b6ff08200638f6760edf104ece81e54b24f513f08
                                                                                                                                                                                • Opcode Fuzzy Hash: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                                                                                                                                                • Instruction Fuzzy Hash: 8E51D732B5962686D796DF35D404A393796FB64B88F218530DE4A8774ADF38FC41C708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7C698 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 137COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDFAD7BCE2), ref: 00007FFDFAD7C6BE
                                                                                                                                                                                • iswspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDFAD7BCE2), ref: 00007FFDFAD7C6CF
                                                                                                                                                                                • iswxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDFAD7BCE2), ref: 00007FFDFAD7C736
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: iswspace$iswxdigit
                                                                                                                                                                                • String ID: (
                                                                                                                                                                                • API String ID: 3812816871-3887548279
                                                                                                                                                                                • Opcode ID: 911618b2471a6478a8e2e670da621c5eb3b4da693f04f90dbb5b1c42bf5c5c12
                                                                                                                                                                                • Instruction ID: 5defe1a567f9a69870749e81969bc6bbed064affcb05ede60d2d1f382a62c6a2
                                                                                                                                                                                • Opcode Fuzzy Hash: 911618b2471a6478a8e2e670da621c5eb3b4da693f04f90dbb5b1c42bf5c5c12
                                                                                                                                                                                • Instruction Fuzzy Hash: C351A566F0815389EB5C9F65AD60AF972A0EF20BC4F488072DA69075D8FF6DE842C310
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7A7E4 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 137COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDFAD79C32), ref: 00007FFDFAD7A80A
                                                                                                                                                                                • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDFAD79C32), ref: 00007FFDFAD7A81B
                                                                                                                                                                                • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDFAD79C32), ref: 00007FFDFAD7A874
                                                                                                                                                                                • isalnum.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDFAD79C32), ref: 00007FFDFAD7A924
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: isspace$isalnumisxdigit
                                                                                                                                                                                • String ID: (
                                                                                                                                                                                • API String ID: 3355161242-3887548279
                                                                                                                                                                                • Opcode ID: f80067efe1ae39a3d9351e4a1981f6ebc66fb09937593598799d4073587ede75
                                                                                                                                                                                • Instruction ID: 64b6e07c62a65fbe8d1bba3a5d3c3babefdd939be6770663edfde74f6ab0fb3a
                                                                                                                                                                                • Opcode Fuzzy Hash: f80067efe1ae39a3d9351e4a1981f6ebc66fb09937593598799d4073587ede75
                                                                                                                                                                                • Instruction Fuzzy Hash: 2E41C846F1818245EB5C4F30BD707F66BA1DF21794F4990B0CAA8072EEEE1DE8178711
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD640CC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 99COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,00000001,00007FFDFAD5A96C), ref: 00007FFDFAD6410D
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD4B7D8: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD72116,?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD4B803
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD4B7D8: memmove.VCRUNTIME140(?,?,00000000,00007FFDFAD72116,?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD4B81F
                                                                                                                                                                                • _Getvals.LIBCPMT ref: 00007FFDFAD64149
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Getvals___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemmove
                                                                                                                                                                                • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                • API String ID: 3031888307-3573081731
                                                                                                                                                                                • Opcode ID: a667c03a97928fb92f0f85d502997537f14ce17ad38b4b563ca9eacdc4f846ed
                                                                                                                                                                                • Instruction ID: 1f632dc7bdbf769454af446e114d27964cda0787c6912208356bf9536836291f
                                                                                                                                                                                • Opcode Fuzzy Hash: a667c03a97928fb92f0f85d502997537f14ce17ad38b4b563ca9eacdc4f846ed
                                                                                                                                                                                • Instruction Fuzzy Hash: 7441D172B08B818BE728CF21DAA096D7BA1FB547807054275DBA943F95EF3CE562C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD643A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFDFAD643CE
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                • _Maklocstr.LIBCPMT ref: 00007FFDFAD64447
                                                                                                                                                                                • _Maklocstr.LIBCPMT ref: 00007FFDFAD6445D
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                                                                                                                                                • String ID: false$true
                                                                                                                                                                                • API String ID: 309754672-2658103896
                                                                                                                                                                                • Opcode ID: afec656752d2e114ae7aad2c6ce4d080cfebc65d44deeb78790a667710509588
                                                                                                                                                                                • Instruction ID: 9e09b3f730394eec09026b18ccc2faafe3bb84c47d10d707c8127cbda7c3d223
                                                                                                                                                                                • Opcode Fuzzy Hash: afec656752d2e114ae7aad2c6ce4d080cfebc65d44deeb78790a667710509588
                                                                                                                                                                                • Instruction Fuzzy Hash: 7C418B23B18B459AE714CF70E8905ED33B4FB48B88B405126EE4E27B99EF38D595C384
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2620 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F74B0: GetLastError.KERNEL32(00000000,00007FF6085F26A0), ref: 00007FF6085F74D7
                                                                                                                                                                                  • Part of subcall function 00007FF6085F74B0: FormatMessageW.KERNEL32(00000000,00007FF6085F26A0), ref: 00007FF6085F7506
                                                                                                                                                                                  • Part of subcall function 00007FF6085F7A30: MultiByteToWideChar.KERNEL32 ref: 00007FF6085F7A6A
                                                                                                                                                                                • MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                • MessageBoxA.USER32 ref: 00007FF6085F2748
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                • API String ID: 2806210788-2410924014
                                                                                                                                                                                • Opcode ID: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                                                                                                                                                • Instruction ID: 191f6a34fb97996ac007f1b1dae93f0b9567896ce0d7f1939ebfb564a84581a2
                                                                                                                                                                                • Opcode Fuzzy Hash: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                                                                                                                                                • Instruction Fuzzy Hash: C131A472629AC281EB71DB60E4507EA6365FF94788F504036E68D83A9ADF3CD305CB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD48410 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 67COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 2003779279-1866435925
                                                                                                                                                                                • Opcode ID: bec941acaf19c5b99b8cd3d385722edfe52404effaccbe9006f4fcf51d304860
                                                                                                                                                                                • Instruction ID: c048a322d70df2e58aed51c1075aead2aec1d299dc9f465c7f18ddfbadeb1069
                                                                                                                                                                                • Opcode Fuzzy Hash: bec941acaf19c5b99b8cd3d385722edfe52404effaccbe9006f4fcf51d304860
                                                                                                                                                                                • Instruction Fuzzy Hash: 8621B062B0864792EB189B24D9607AD6361FB547C4F4400B1DB6D47AD9EF3CF2A5C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD48D40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrowstd::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                • API String ID: 2003779279-1866435925
                                                                                                                                                                                • Opcode ID: af1c3aa3895f23d87db4e0d727478497aada9b8bcec66ad7ca7ec186bd00afe5
                                                                                                                                                                                • Instruction ID: 898b8a06a24314ef6565d2d13c922993254625d9aada5ddc84f21165975be83f
                                                                                                                                                                                • Opcode Fuzzy Hash: af1c3aa3895f23d87db4e0d727478497aada9b8bcec66ad7ca7ec186bd00afe5
                                                                                                                                                                                • Instruction Fuzzy Hash: 5FF08462B1950685EB1CCB00DC51AE92361FB50744F9444B1D62D475EDFF3DF646C340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086088E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                • Opcode ID: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                                                                                                                                                • Instruction ID: 6ac510672483662bf716126ea21b81974c17b63d273b18b2bd4916c489fe4668
                                                                                                                                                                                • Opcode Fuzzy Hash: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                                                                                                                                                • Instruction Fuzzy Hash: 9AF0C261B2AA0281EF10CB74E84533A6320AF857A2F690335E96D862F0CF2CD448E708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4C060 Relevance: 7.8, APIs: 5, Instructions: 330stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • strcspn.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAD4C0F6
                                                                                                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFDFAD4C109
                                                                                                                                                                                • strcspn.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAD4C11E
                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDFAD4C476
                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDFAD4C4C1
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD51E00: memmove.VCRUNTIME140(?,?,?,?,00000000,00007FFDFAD4C2B3), ref: 00007FFDFAD51E5B
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD51E00: memset.VCRUNTIME140(?,?,?,?,00000000,00007FFDFAD4C2B3), ref: 00007FFDFAD51E68
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmovememset
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2282448879-0
                                                                                                                                                                                • Opcode ID: d28faa5fced166c9299aa388f278cf75ad94c45fd113d324ac43c66e3428a990
                                                                                                                                                                                • Instruction ID: a6ec6b7ea7e320096fb40f20b05c8730cb097af3c84bdf3e685e28ef9fb35c42
                                                                                                                                                                                • Opcode Fuzzy Hash: d28faa5fced166c9299aa388f278cf75ad94c45fd113d324ac43c66e3428a990
                                                                                                                                                                                • Instruction Fuzzy Hash: FBE1B126B08A8684FB159FB5C864ABC2771FB58B98F544172CE6D177E8EE3CD54AC300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD59BD0 Relevance: 7.8, APIs: 5, Instructions: 308stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1326169664-0
                                                                                                                                                                                • Opcode ID: ec4cc48c37c29997d01fa5d1c1dc6a5ff4a0a0c7ef1dce9f3c0a52998132af1a
                                                                                                                                                                                • Instruction ID: 64ebbd7136e17d59f544b47bb45f607d3bb19cbd99f45ba8306af340ce6bb72b
                                                                                                                                                                                • Opcode Fuzzy Hash: ec4cc48c37c29997d01fa5d1c1dc6a5ff4a0a0c7ef1dce9f3c0a52998132af1a
                                                                                                                                                                                • Instruction Fuzzy Hash: BDD19F26B08B4589EB14DBA5D860AAC6371FB48B88F504176DE6D17BECEF7CD54AC300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD59750 Relevance: 7.8, APIs: 5, Instructions: 308stringCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturnstrcspn$localeconvmemmove
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1326169664-0
                                                                                                                                                                                • Opcode ID: 13d6fa83f0245282c2611da4814571dea89d421aca8c35b2d3c8b44ff8fa2f33
                                                                                                                                                                                • Instruction ID: 9d2decf9f5443084bba649515bc4ebe5df40c45f2df4bc8e1397c116263c35a1
                                                                                                                                                                                • Opcode Fuzzy Hash: 13d6fa83f0245282c2611da4814571dea89d421aca8c35b2d3c8b44ff8fa2f33
                                                                                                                                                                                • Instruction Fuzzy Hash: 58D19E26B08B4589FB14DBA5D860AAC6371FB48B88F504176DE6D13BD8EF7CD54AC300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD54CE0 Relevance: 7.7, APIs: 5, Instructions: 181COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: fgetwc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2948136663-0
                                                                                                                                                                                • Opcode ID: 8024d62de45778f37dda273ce67b8bef7e03d71939da324c967933429c58075e
                                                                                                                                                                                • Instruction ID: e599197dc7dc65cf156fe00017c9d2781a3154c78da16e21fbd5f75fe8c3ce9c
                                                                                                                                                                                • Opcode Fuzzy Hash: 8024d62de45778f37dda273ce67b8bef7e03d71939da324c967933429c58075e
                                                                                                                                                                                • Instruction Fuzzy Hash: C9815A76705A41D9EB28CF65C8A07AC33A1FB48B88F555272EB6D43B98EF79D464C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4B840 Relevance: 7.6, APIs: 5, Instructions: 101COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4B907
                                                                                                                                                                                • memset.VCRUNTIME140(?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4B915
                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4B94E
                                                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4B958
                                                                                                                                                                                • memset.VCRUNTIME140(?,?,?,00000002,?,?,00000000,00007FFDFAD72116), ref: 00007FFDFAD4B966
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD92FDC: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45B28), ref: 00007FFDFAD92FF6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memmovememset$_invalid_parameter_noinfo_noreturnmalloc
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3042321802-0
                                                                                                                                                                                • Opcode ID: a34672c43e5a9c45ea05e3678f575d8f7bf7a4d19db86639b4b95a3047ee2540
                                                                                                                                                                                • Instruction ID: e2f7ec088e599e8a270a626864a41cdcb07f6554927d2f201120117be5b7c2e5
                                                                                                                                                                                • Opcode Fuzzy Hash: a34672c43e5a9c45ea05e3678f575d8f7bf7a4d19db86639b4b95a3047ee2540
                                                                                                                                                                                • Instruction Fuzzy Hash: FE31E521B09A8384EF1C9B56D9247AD6351FB18BD4F584571DE6D0BBDAEE7CE2418300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086187A4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                • Instruction ID: f3147b06cbd7a4f40bd509174ba60f693b95e7054d30c20edacd28b0d9bfe8a1
                                                                                                                                                                                • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                • Instruction Fuzzy Hash: 1511BF22E38A0701FE94E535E44137914426F583A4F3E0230FA7E8B6D7CE2CAC41A249
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A860 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A87F
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A89E
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A8C6
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A8D7
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF608609A73,?,?,00000000,00007FF608609D0E,?,?,?,?,?,00007FF6086021EC), ref: 00007FF60860A8E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                • Opcode ID: 714fb988b5e898d2a084e1b741c2a35938fd9aca3d3316504b5c0b03a870b67b
                                                                                                                                                                                • Instruction ID: 1af60167f90610db72d7ba773c0bccd8abd50119ecf70c4d797866bda9cb47f0
                                                                                                                                                                                • Opcode Fuzzy Hash: 714fb988b5e898d2a084e1b741c2a35938fd9aca3d3316504b5c0b03a870b67b
                                                                                                                                                                                • Instruction Fuzzy Hash: 9C117F20F2C76601FA58D3B5654217B51415F447E1F364774F83DCA6C6DE2CA802AA0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860A6F4 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A705
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A724
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A74C
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A75D
                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF608612433,?,?,?,00007FF60860CB8C,?,?,00000000,00007FF608603A5F), ref: 00007FF60860A76E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                • Opcode ID: f1a704ca2c08a5ec4dc1f0a1de38d6e789a7d8f9bfb10d00c609536dc3a7d70f
                                                                                                                                                                                • Instruction ID: c0da317b464d2bf31bd6fb28a4a0259d3e45b92df4241dcbd3210f0d2730a524
                                                                                                                                                                                • Opcode Fuzzy Hash: f1a704ca2c08a5ec4dc1f0a1de38d6e789a7d8f9bfb10d00c609536dc3a7d70f
                                                                                                                                                                                • Instruction Fuzzy Hash: 70115A28E2C31701F998E3B1481607B12924F457B2F368B74FA3ECA2C3DD2CB8016A5D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4A520 Relevance: 7.5, APIs: 5, Instructions: 38fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileHandleLast$CloseCreateInformation
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1345328482-0
                                                                                                                                                                                • Opcode ID: 4d680ff7cd3670aa7e233578b4c6a6f602380551e677764c28abe74b28b337dc
                                                                                                                                                                                • Instruction ID: 8ed01267568f8edb183466205f098065a58e21b5db1c683b51a103b35b49e7eb
                                                                                                                                                                                • Opcode Fuzzy Hash: 4d680ff7cd3670aa7e233578b4c6a6f602380551e677764c28abe74b28b337dc
                                                                                                                                                                                • Instruction Fuzzy Hash: 2B016971B0475182E7089B16E914A29B6A4FB88BA4F148271CA3943BE8EF78E955C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD44D10 Relevance: 7.5, APIs: 6, Instructions: 38COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD521C0: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,00007FFDFAD44D1E,?,?,00000000,00007FFDFAD45B8B), ref: 00007FFDFAD521CF
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45B8B), ref: 00007FFDFAD44D27
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45B8B), ref: 00007FFDFAD44D3B
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45B8B), ref: 00007FFDFAD44D4F
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45B8B), ref: 00007FFDFAD44D63
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45B8B), ref: 00007FFDFAD44D77
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD45B8B), ref: 00007FFDFAD44D8B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$setlocale
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 294139027-0
                                                                                                                                                                                • Opcode ID: d9b53174238ef9516e7f9886cbb7bdea03f059970fc83e08dc77edec749e51c6
                                                                                                                                                                                • Instruction ID: 6daf6b9e962dec9abb8b65fcc407628edcf7d8d4d4b177e71861bd3e59d17463
                                                                                                                                                                                • Opcode Fuzzy Hash: d9b53174238ef9516e7f9886cbb7bdea03f059970fc83e08dc77edec749e51c6
                                                                                                                                                                                • Instruction Fuzzy Hash: 1911FE62B06A8682EB1DAFA1D8B5B391364EF48F48F181174DD1A0B1CCDF2DD898C390
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD53360 Relevance: 7.5, APIs: 5, Instructions: 15COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __acrt_iob_func$abortfputcfputs
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2697642930-0
                                                                                                                                                                                • Opcode ID: 6dae9aa4a0696dca70c7a6ad5e8fdaa0aaa64da0a77f2b9983e5bbf79be15091
                                                                                                                                                                                • Instruction ID: 737e3722d94a8efc890574c7d1c8c6fb2dc51d92b29ba4aa42240f41dc7be345
                                                                                                                                                                                • Opcode Fuzzy Hash: 6dae9aa4a0696dca70c7a6ad5e8fdaa0aaa64da0a77f2b9983e5bbf79be15091
                                                                                                                                                                                • Instruction Fuzzy Hash: D8E06764B1851686FB8C6BA1EC7DB356225EF4CB95F4400B8C92F477EDFE2CA4484311
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAE23FE0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 302COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: 00007A4519
                                                                                                                                                                                • String ID: "%w" $%Q%s
                                                                                                                                                                                • API String ID: 817585512-1987291987
                                                                                                                                                                                • Opcode ID: 34b341b8b683f84b0b8297d6093d71aedea48ed13c2cb691286469993e36dabb
                                                                                                                                                                                • Instruction ID: 22fddf95f6037504bfdf1ea373693ed6870b06718bd69d56c4f706f3b54f7766
                                                                                                                                                                                • Opcode Fuzzy Hash: 34b341b8b683f84b0b8297d6093d71aedea48ed13c2cb691286469993e36dabb
                                                                                                                                                                                • Instruction Fuzzy Hash: 27C1C062B08A8286EB18EB16A460A7977A0FF95BA0F544275DE7F077D8DF3DE444C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFADDCEE0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 249COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: 00007A4519
                                                                                                                                                                                • String ID: %s-shm$readonly_shm$winOpenShm
                                                                                                                                                                                • API String ID: 817585512-2815843928
                                                                                                                                                                                • Opcode ID: c450bd14d6afe07da5317de6e979aa680c897b880c55474f631f77e6bb3699a8
                                                                                                                                                                                • Instruction ID: 162c8330414825f49325bf6be846ea2867fc8ee1534d5d85b4327dfe52df54d7
                                                                                                                                                                                • Opcode Fuzzy Hash: c450bd14d6afe07da5317de6e979aa680c897b880c55474f631f77e6bb3699a8
                                                                                                                                                                                • Instruction Fuzzy Hash: B0C13D25B0AA4282EF6D9B61AC70E7937A0FF44B55F0442B5EDAE476D8EF3CE4458340
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860F198 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                                                                • Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                                                                                                                                                • Instruction ID: cb94b703d2bc715ec516e6f6530ecd5331e872b7f57d67b338c772aad6a48f1d
                                                                                                                                                                                • Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                                                                                                                                                • Instruction Fuzzy Hash: 3D818F32E2C20285E778CE35815127A36A0AB51B98F778031FA49D72D6DF2DE901AB4D
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAC21FD0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 173COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909503557.00007FFDFAC21000.00000040.00000001.01000000.0000001D.sdmp, Offset: 00007FFDFAC20000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909483553.00007FFDFAC20000.00000002.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAC82000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACCE000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACD1000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFACD6000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD30000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD33000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD35000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909503557.00007FFDFAD38000.00000040.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909825323.00007FFDFAD39000.00000080.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909852280.00007FFDFAD3B000.00000004.00000001.01000000.0000001D.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfac20000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: 00007B6570
                                                                                                                                                                                • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                • API String ID: 4069847057-87138338
                                                                                                                                                                                • Opcode ID: 8de3eb989cf6c62dcbce841305c01691443b1373284778389dc9e239678f53b6
                                                                                                                                                                                • Instruction ID: 1cbeec3c1a0cb9a6c990d2ca75ef3563fb93f07d817348c62d7b221b5fedff68
                                                                                                                                                                                • Opcode Fuzzy Hash: 8de3eb989cf6c62dcbce841305c01691443b1373284778389dc9e239678f53b6
                                                                                                                                                                                • Instruction Fuzzy Hash: 15612736B1864246E7688B19A820EBEB2D2FB84790F484271EE7D477CCDF7CD9018700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FE108 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                                                                • Opcode ID: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                                                                                                                                                • Instruction ID: f96cfa5542c7ab2cb09c6ab161a7c261645280fbf61227015baaa3a7486acd26
                                                                                                                                                                                • Opcode Fuzzy Hash: e66b2a899b3be21a272ca3efbe1e1fab7eec351de36f73ff2a6cc06a45c4f2b1
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D616A32A08B458AEB61CF75D4817AD77A0FB54B88F244225EF4D97BAADF38E045C704
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FE464 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                                                                • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                • Instruction ID: 1d4b9b9da787d5bbe2905728735de5ca3478a877f65e2cbc23bd005360657ece
                                                                                                                                                                                • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                • Instruction Fuzzy Hash: 8451A37294824586EBB5CF35A54526C77A0FB64B88F644135EA8C8BBE6CF3CF450CB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD42560 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Exception$RaiseThrowabort
                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                • API String ID: 3758033050-1018135373
                                                                                                                                                                                • Opcode ID: e7fabd4346b1e64d55c72065e618bc8faf1c6564e6b944bf70bcc6bb9b63eb6b
                                                                                                                                                                                • Instruction ID: 60dfb457fa01e76b922cb51f52dd1498e151536a74b20cda6aa620ef7808f0a0
                                                                                                                                                                                • Opcode Fuzzy Hash: e7fabd4346b1e64d55c72065e618bc8faf1c6564e6b944bf70bcc6bb9b63eb6b
                                                                                                                                                                                • Instruction Fuzzy Hash: FB515322A04BCA86EB15CF28C8506A83360FB58B5CF159365DE6D0779AEF39E6D5C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4FA60 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFDFAD4F9E4
                                                                                                                                                                                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFDFAD4F9F6
                                                                                                                                                                                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FFDFAD4FA7B
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E52
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E78
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: memmove.VCRUNTIME140(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E90
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: setlocale$freemallocmemmove
                                                                                                                                                                                • String ID: bad locale name
                                                                                                                                                                                • API String ID: 4085402405-1405518554
                                                                                                                                                                                • Opcode ID: b9fb1b2b384e094a7a1cf6c87c978b46cc3d2af529a4ddd526232f4b352977f3
                                                                                                                                                                                • Instruction ID: 1118ea6eec4dbc2b79968e05e07aaa707f2a9d5beeea986847d97e1cbfaaefea
                                                                                                                                                                                • Opcode Fuzzy Hash: b9fb1b2b384e094a7a1cf6c87c978b46cc3d2af529a4ddd526232f4b352977f3
                                                                                                                                                                                • Instruction Fuzzy Hash: 4C31C422F0C68351FB5D8B15A86057D66A1EB48FC4F5880B6DE6E477EDFE2CE6818300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD63F84 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,00000001,00007FFDFAD5A7BC), ref: 00007FFDFAD63FC5
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD4B7D8: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD72116,?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD4B803
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD4B7D8: memmove.VCRUNTIME140(?,?,00000000,00007FFDFAD72116,?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD4B81F
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD570B8: _Maklocstr.LIBCPMT ref: 00007FFDFAD570E8
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD570B8: _Maklocstr.LIBCPMT ref: 00007FFDFAD57107
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD570B8: _Maklocstr.LIBCPMT ref: 00007FFDFAD57126
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Maklocstr$___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemmove
                                                                                                                                                                                • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                • API String ID: 2504686060-3573081731
                                                                                                                                                                                • Opcode ID: fbf565a7ee7c714ec0e505af53c0ecf9dbe7a8914356a3e531b312c7d277f12c
                                                                                                                                                                                • Instruction ID: 646da2864455106d055cec2d946499bf6bf1271a6bd659081ca18c235c1bb723
                                                                                                                                                                                • Opcode Fuzzy Hash: fbf565a7ee7c714ec0e505af53c0ecf9dbe7a8914356a3e531b312c7d277f12c
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A41F672B08B9197E728CF25DAA096D7BA0FB457807044175DB5943F95EF38F562C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD74D60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,?,00000001,00007FFDFAD73098), ref: 00007FFDFAD74DA1
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD4B7D8: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD72116,?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD4B803
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD4B7D8: memmove.VCRUNTIME140(?,?,00000000,00007FFDFAD72116,?,?,?,?,?,?,?,?,00000000,00007FFDFAD7325E), ref: 00007FFDFAD4B81F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funccalloclocaleconvmemmove
                                                                                                                                                                                • String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
                                                                                                                                                                                • API String ID: 462457024-3573081731
                                                                                                                                                                                • Opcode ID: 49bc5318e1f3a8f6be7dd4491bfc21bf47561fda6cce90a3e4e526edf31740d2
                                                                                                                                                                                • Instruction ID: 5c9858594132707b5544a35e040c5979fd700346ce96e3bda16c8471dde45bd0
                                                                                                                                                                                • Opcode Fuzzy Hash: 49bc5318e1f3a8f6be7dd4491bfc21bf47561fda6cce90a3e4e526edf31740d2
                                                                                                                                                                                • Instruction Fuzzy Hash: CC414872B08B8187E72ECF25E9A096D77A0FB487907404231DB9943E49EF38F562C700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F24D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 67windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                • API String ID: 1878133881-2410924014
                                                                                                                                                                                • Opcode ID: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                                                                                                                                                • Instruction ID: 2438f950cc6f269f272cc3a8e55fb866cd286d7ffaa5ece66e547fbba816fa31
                                                                                                                                                                                • Opcode Fuzzy Hash: 1ad8658de8dbd2e7b08889bff9c9537d6e44ae678795f4b96bc9f189f6c45e5f
                                                                                                                                                                                • Instruction Fuzzy Hash: 27319772628AC181EA71DB60E4517DA6355FF947C8F504035F68D8769ADF3CD305CB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4A400 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileFindNext$wcscpy_s
                                                                                                                                                                                • String ID: .
                                                                                                                                                                                • API String ID: 544952861-248832578
                                                                                                                                                                                • Opcode ID: b3c7f063e8d3bb3ae5ddcfc29c0190e49225e811541d9665e0c20d67fae3ec65
                                                                                                                                                                                • Instruction ID: 3b1fe867b6b72e9c8349bdf43fa4bfd3fcf76d7c0d3fde30c0256d900ca1895b
                                                                                                                                                                                • Opcode Fuzzy Hash: b3c7f063e8d3bb3ae5ddcfc29c0190e49225e811541d9665e0c20d67fae3ec65
                                                                                                                                                                                • Instruction Fuzzy Hash: C321A466B1C68281EB789F11EC287797360EB48754F944171DEAC436D8EF7CD5458700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD46BD0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionThrow$std::ios_base::failure::failure
                                                                                                                                                                                • String ID: ios_base::badbit set
                                                                                                                                                                                • API String ID: 1099746521-3882152299
                                                                                                                                                                                • Opcode ID: 1a2eb47d4bc6632a89ff0121fabd62f1e79416e25e8c5d3c6765e885a31e6e9c
                                                                                                                                                                                • Instruction ID: 2b446fc8777e6f40af4748d3bcb38d0ca2b6dd9258a031aed8b6a9440b18bfa7
                                                                                                                                                                                • Opcode Fuzzy Hash: 1a2eb47d4bc6632a89ff0121fabd62f1e79416e25e8c5d3c6765e885a31e6e9c
                                                                                                                                                                                • Instruction Fuzzy Hash: D201D452B2C50741FB1C8621DC61EB96612EF80744F1881B5D92E079EDFE3DE7068240
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F3BA0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF6085F3699), ref: 00007FF6085F3BD1
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6085F7744,?,?,?,?,?,?,?,?,?,?,?,00007FF6085F101D), ref: 00007FF6085F2654
                                                                                                                                                                                  • Part of subcall function 00007FF6085F2620: MessageBoxW.USER32 ref: 00007FF6085F272C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                • API String ID: 2581892565-1977442011
                                                                                                                                                                                • Opcode ID: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                                                                                                                                                • Instruction ID: 96fa6e3ddbde9e75ef82459ab33de85b5d9a57707f1bbdfc28939543a14c6cb8
                                                                                                                                                                                • Opcode Fuzzy Hash: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D01A761B6D65281FEA3EB30E8153F91251AF6C7C5F640031E84EC7797EE5CE144A708
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860BA70 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                                • Opcode ID: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                                                                                                                                                • Instruction ID: 0f1c2a733a027d6e7c8ac84b328e5b5ca9d1ce5e3b4418726f26f35a6c69ee6d
                                                                                                                                                                                • Opcode Fuzzy Hash: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                                                                                                                                                • Instruction Fuzzy Hash: 39D1F332B28A8489E711CF75D4402AD37B1FB447E8B258235EE4ED7B99DE38D406DB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860C430 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF60860C41B), ref: 00007FF60860C54C
                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF60860C41B), ref: 00007FF60860C5D7
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                                • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                • Instruction ID: 3914baa74c10dc08d709bf65e875702cd1bd0a3e9c0868e828842897382383db
                                                                                                                                                                                • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                • Instruction Fuzzy Hash: 6791F322E3865185F761CF7594406BE2BA0BB04B88F355239FE4EA7695DF38D441EB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860E8DC Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                • Instruction ID: 021703318ca67b9b8c7368ab405e324aeb9c9e0f781d2a52e9a4c8c3cfec4428
                                                                                                                                                                                • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                • Instruction Fuzzy Hash: FC514972F286214AFB14CF7489416BD27A1BB44358F264A35FD1E93AE5DF3DA402DB08
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6086047D4 Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2780335769-0
                                                                                                                                                                                • Opcode ID: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                                                                                                                                                • Instruction ID: c35280864762ee46ff33d0023dad2c217709d8527f87b6b3d340dc8f3f51075a
                                                                                                                                                                                • Opcode Fuzzy Hash: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                                                                                                                                                • Instruction Fuzzy Hash: AC518322E296418AFB24DFB1D4403BE33A1AB4875CF264535EF0D9B699DF38D441AB0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD575B4 Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,00000000,?,?,00000000,00000000,0000003F,00000000,00000048,00007FFDFAD570ED,00000000,00000000,00000000,00000000), ref: 00007FFDFAD57693
                                                                                                                                                                                • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,?,00000000,00000000,0000003F,00000000,00000048,00007FFDFAD570ED,00000000,00000000,00000000,00000000), ref: 00007FFDFAD576E7
                                                                                                                                                                                • memmove.VCRUNTIME140(?,?,?,00000000,?,?,00000000,00000000,0000003F,00000000,00000048,00007FFDFAD570ED,00000000,00000000,00000000,00000000), ref: 00007FFDFAD576F1
                                                                                                                                                                                • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFAD57735
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2016347663-0
                                                                                                                                                                                • Opcode ID: a4f680d4abd537623d09896a0b25d17b168eef8b4cc1c6c3003997c7f15ef749
                                                                                                                                                                                • Instruction ID: a70c3ee38360429b229a144f5b26c0a5cba5f389f47ec82abd226450e4964000
                                                                                                                                                                                • Opcode Fuzzy Hash: a4f680d4abd537623d09896a0b25d17b168eef8b4cc1c6c3003997c7f15ef749
                                                                                                                                                                                • Instruction Fuzzy Hash: EE41F361B08A5699EF1C9B16A924A796265EF04BE4F640A71DE3D07BDCFE7CE042C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD49B84 Relevance: 6.1, APIs: 4, Instructions: 105COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2016347663-0
                                                                                                                                                                                • Opcode ID: 83435a804a0af93378add0b170c2e3325d553a28fe2fc9f262e706ca325ea8e4
                                                                                                                                                                                • Instruction ID: 3e690296a7938b22ff02d5d0c4e3f519c0d4afd1bfc32b9d3952f1fa8d8f7f0e
                                                                                                                                                                                • Opcode Fuzzy Hash: 83435a804a0af93378add0b170c2e3325d553a28fe2fc9f262e706ca325ea8e4
                                                                                                                                                                                • Instruction Fuzzy Hash: 3741246570864681EF08DB139964A6D63A5EB04BE8F104631CE3D07BE8FF7CE1418304
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD70598 Relevance: 6.1, APIs: 4, Instructions: 99COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Xp_movx$Xp_setw_errnoldexpmemmove
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2295688418-0
                                                                                                                                                                                • Opcode ID: f42201ba2697dc46b49a15273b98f49182dd3721aa0ce2fe3b2f9e841a1816bd
                                                                                                                                                                                • Instruction ID: 0193327cc68134d8060cc825b2b92d3db68b8a21f2cc2422f92994bcbfcfe17a
                                                                                                                                                                                • Opcode Fuzzy Hash: f42201ba2697dc46b49a15273b98f49182dd3721aa0ce2fe3b2f9e841a1816bd
                                                                                                                                                                                • Instruction Fuzzy Hash: 1741CF22B08A4687E31C9B15A871EBE6260EF88744F544271EA7D936E9FF2CE5078640
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD431A0 Relevance: 6.1, APIs: 4, Instructions: 93COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcislower
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2234106055-0
                                                                                                                                                                                • Opcode ID: bd4d54ee2cb32b8aab1dda3dd15cdb1f879b6dbb6498fae55f002d7f0ed5aee9
                                                                                                                                                                                • Instruction ID: d1f3e761cd4612b49bef51187383069721adb9ad42d55e38d52f575005030da6
                                                                                                                                                                                • Opcode Fuzzy Hash: bd4d54ee2cb32b8aab1dda3dd15cdb1f879b6dbb6498fae55f002d7f0ed5aee9
                                                                                                                                                                                • Instruction Fuzzy Hash: D131F722B0C78282F7198B19ACA077D7A51FB84B84F184075DEA9077DDEE3CE645C710
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD43060 Relevance: 6.1, APIs: 4, Instructions: 90COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___lc_codepage_func___lc_locale_name_func__pctype_funcisupper
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3857474680-0
                                                                                                                                                                                • Opcode ID: 31341c011f4ac4a5af98e4b2ff05584430ce6e17b696820575cb5659dc8b3ccf
                                                                                                                                                                                • Instruction ID: 63466fe7637e8253eb850290f3ee1dab0def34f36e1fe4e1c82ab4ce9550025c
                                                                                                                                                                                • Opcode Fuzzy Hash: 31341c011f4ac4a5af98e4b2ff05584430ce6e17b696820575cb5659dc8b3ccf
                                                                                                                                                                                • Instruction Fuzzy Hash: D631D362B0C68282F7198F19EC6077D6A61EB94B91F1840B5DEA9077DCEE2CE585C710
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7BA40 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,00000000,?,?,?,00007FFDFAD6F0F4), ref: 00007FFDFAD7BA87
                                                                                                                                                                                • memmove.VCRUNTIME140(?,00000000,?,?,?,00007FFDFAD6F0F4), ref: 00007FFDFAD7BAAB
                                                                                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFDFAD6F0F4), ref: 00007FFDFAD7BAB8
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,?,?,00007FFDFAD6F0F4), ref: 00007FFDFAD7BB2B
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD42E70: wcsnlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAD42E9A
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD42E70: LCMapStringEx.KERNEL32 ref: 00007FFDFAD42EDE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: String___lc_locale_name_funcfreemallocmemmovewcsnlen
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1076354707-0
                                                                                                                                                                                • Opcode ID: 4eef13ce656600576da0b5943062db3a97a90acf4c8f41165ecfb880a35657e4
                                                                                                                                                                                • Instruction ID: 7f19867c51d1aa3c7fc68c1b39301cef2c084d27dec3b265c53241c558047bb0
                                                                                                                                                                                • Opcode Fuzzy Hash: 4eef13ce656600576da0b5943062db3a97a90acf4c8f41165ecfb880a35657e4
                                                                                                                                                                                • Instruction Fuzzy Hash: 0021F731B09A9285DB289F12FC2496A6B94FB44BE4F584270DE7A177DCEF3CD5028300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4AB00 Relevance: 6.1, APIs: 4, Instructions: 76COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _wfsopen$fclosefseek
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1261181034-0
                                                                                                                                                                                • Opcode ID: 9fbb56059a8cf39eeceeb869bda147edfaa2fb55e9a3f404e87da8b36b3319a9
                                                                                                                                                                                • Instruction ID: f1aad24cb7f68f5a2715727da05febb070b07cfedb50615eee8eae8850066037
                                                                                                                                                                                • Opcode Fuzzy Hash: 9fbb56059a8cf39eeceeb869bda147edfaa2fb55e9a3f404e87da8b36b3319a9
                                                                                                                                                                                • Instruction Fuzzy Hash: 68218221B24A0381FB6C8B069D64E396652EF88BC4F9850B5DD5E53BE8EE3CE5408740
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4A9F0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _fsopen$fclosefseek
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 410343947-0
                                                                                                                                                                                • Opcode ID: f3b2da265f6823dabb4f0f5bee94527548303d989f234a53424d4043544f7b9a
                                                                                                                                                                                • Instruction ID: 4dbe1c45410c2a212498c97a4e10dbfbf963c26985350aa47d6ca9a553f18cba
                                                                                                                                                                                • Opcode Fuzzy Hash: f3b2da265f6823dabb4f0f5bee94527548303d989f234a53424d4043544f7b9a
                                                                                                                                                                                • Instruction Fuzzy Hash: 50219561B2874385FF6C8B069D61A356695EF84BC4F995075CE5E037E8EE3DE6018700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7B0E0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFDFAD7605B), ref: 00007FFDFAD7B114
                                                                                                                                                                                • ___lc_collate_cp_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,00000000,00007FFDFAD7605B), ref: 00007FFDFAD7B11E
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD42740: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAD42786
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD42740: __strncnt.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAD427AB
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD42740: GetCPInfo.KERNEL32 ref: 00007FFDFAD427EB
                                                                                                                                                                                • memcmp.VCRUNTIME140(?,?,?,?,?,?,00000000,00007FFDFAD7605B), ref: 00007FFDFAD7B141
                                                                                                                                                                                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,00007FFDFAD7605B), ref: 00007FFDFAD7B17F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __strncnt$Info___lc_collate_cp_func___lc_locale_name_func_errnomemcmp
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3421985146-0
                                                                                                                                                                                • Opcode ID: 41983362d481a06880c2136cdaabcde92372fa19e9aeb7d34caeba7703cdc65b
                                                                                                                                                                                • Instruction ID: 5deb75964db5d64dae8f3963c1b0d0bb2bc0a43da39fb7f946f5d0c83b74c6c5
                                                                                                                                                                                • Opcode Fuzzy Hash: 41983362d481a06880c2136cdaabcde92372fa19e9aeb7d34caeba7703cdc65b
                                                                                                                                                                                • Instruction Fuzzy Hash: B3219231B0878286EB188F26EC6052DB6A4FB88FD4B154175DE6E577D8EF3CE4028700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD7BB60 Relevance: 6.0, APIs: 4, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                • ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                • ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                • __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_func
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3203701943-0
                                                                                                                                                                                • Opcode ID: d8b021439d1bbc2142126bd8fb8d9fe56255905987ef22bcf73df81230b09c99
                                                                                                                                                                                • Instruction ID: 824410422886a973f97d89f47c978cafba27366f51353189a2a6e9bc95392dd9
                                                                                                                                                                                • Opcode Fuzzy Hash: d8b021439d1bbc2142126bd8fb8d9fe56255905987ef22bcf73df81230b09c99
                                                                                                                                                                                • Instruction Fuzzy Hash: B80108B2F1979186EB098F7AD814528B7A0FB5CF88B148235D95A87358EB3CD0C28700
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD424C8 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 44COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: malloc
                                                                                                                                                                                • String ID: MOC$RCC$csm
                                                                                                                                                                                • API String ID: 2803490479-2671469338
                                                                                                                                                                                • Opcode ID: a93dbf77ea59779e48735b009c2b505a90fda2669e0daa640808de4349d1822d
                                                                                                                                                                                • Instruction ID: c6f4f721775d728e9baaf11868ecf920938522ce69a17b3db12773f4e30268e1
                                                                                                                                                                                • Opcode Fuzzy Hash: a93dbf77ea59779e48735b009c2b505a90fda2669e0daa640808de4349d1822d
                                                                                                                                                                                • Instruction Fuzzy Hash: 98017561F0810386EB6D5E119974B7C62A1EF58BC4F185075DE29076DDEE2DEA41C702
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAE05A60 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 157COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2910454127.00007FFDFADD1000.00000040.00000001.01000000.00000019.sdmp, Offset: 00007FFDFADD0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2910412222.00007FFDFADD0000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF22000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF24000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910454127.00007FFDFAF39000.00000040.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910766045.00007FFDFAF3B000.00000080.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910789480.00007FFDFAF3D000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfadd0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: 00007B5630
                                                                                                                                                                                • String ID: ValueList$p
                                                                                                                                                                                • API String ID: 2248877218-635946892
                                                                                                                                                                                • Opcode ID: 82d11f0a0e6250d0e7fb2806597b1280b8c3a707dada6ce4eafb8b8bae51bfca
                                                                                                                                                                                • Instruction ID: 8c74f1f3056ea091a2ddac8c1c23b2b66818b4018e401cbbd82252b4fa3badb8
                                                                                                                                                                                • Opcode Fuzzy Hash: 82d11f0a0e6250d0e7fb2806597b1280b8c3a707dada6ce4eafb8b8bae51bfca
                                                                                                                                                                                • Instruction Fuzzy Hash: C861F422B0C7D286E768EB2194A057D6395FB44780F09C075DB9E476C9EF3EE851C710
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD79A10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: rand_s
                                                                                                                                                                                • String ID: invalid random_device value
                                                                                                                                                                                • API String ID: 863162693-3926945683
                                                                                                                                                                                • Opcode ID: fe05537389b13c31f9402fc53f2bfa5623d1cdb10657474e63d13a94997ea114
                                                                                                                                                                                • Instruction ID: 02966e9f25df5875aae8e4f33a68d9c90c8c175ccbbcf58700de61226b079904
                                                                                                                                                                                • Opcode Fuzzy Hash: fe05537389b13c31f9402fc53f2bfa5623d1cdb10657474e63d13a94997ea114
                                                                                                                                                                                • Instruction Fuzzy Hash: B451E717E18E4685E38F9F345CB19796364FF59388F104BB2E52E275E9EF28E4938200
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608614D3C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                • Opcode ID: 7d1468d983a0377bfbbd5157d0823bb38b6e4a7948ecc5ba55eaa6298aee1de3
                                                                                                                                                                                • Instruction ID: 7ad7a3143a60a1d540b6448ecb87e07c8211127a1eb67dd7da2667f6bf01cdd4
                                                                                                                                                                                • Opcode Fuzzy Hash: 7d1468d983a0377bfbbd5157d0823bb38b6e4a7948ecc5ba55eaa6298aee1de3
                                                                                                                                                                                • Instruction Fuzzy Hash: 85410812A2828245FF60DB35E40137A6691EF80BA4F394235FF5C87ADADE3CD4919B0C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF608607E6C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF608607E9E
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: HeapFree.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E2E
                                                                                                                                                                                  • Part of subcall function 00007FF608609E18: GetLastError.KERNEL32(?,?,?,00007FF608611E42,?,?,?,00007FF608611E7F,?,?,00000000,00007FF608612345,?,?,?,00007FF608612277), ref: 00007FF608609E38
                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6085FB105), ref: 00007FF608607EBC
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: C:\Users\user\Desktop\AutoDox_Scraper.exe
                                                                                                                                                                                • API String ID: 3580290477-3233492432
                                                                                                                                                                                • Opcode ID: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                                                                                                                                                • Instruction ID: ccfa881b535f2731d784bf0d66dfe9569ccfbbac39662fe7cbd924d57209578e
                                                                                                                                                                                • Opcode Fuzzy Hash: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                                                                                                                                                • Instruction Fuzzy Hash: 03419132A28B4685EB14DF31A4400BE67A5EF447C4B664035FE0E83B86DF3DE891974C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860C108 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                                                                • String ID: U
                                                                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                                                                • Opcode ID: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                                                                                                                                                • Instruction ID: a6757f47645881f70e795b1467bc1ca287cbccba3e142576b0c03642e267f2ff
                                                                                                                                                                                • Opcode Fuzzy Hash: 4134df34369bde334de186fcdf44a7df93ab1702ff4cc21259579c47d67cfea1
                                                                                                                                                                                • Instruction Fuzzy Hash: 6441B422628A4186DB20CF75E8443AA7761FB98794F514131EE4DC7B94DF3CD445DB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD53480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ContextExceptionObjectThrow
                                                                                                                                                                                • String ID: Context callback failed.
                                                                                                                                                                                • API String ID: 1677907432-1244723342
                                                                                                                                                                                • Opcode ID: 6f768f49b781a27ae6d16747ae24e5d17b92cf190de6af7e5340ebec6d2b36c8
                                                                                                                                                                                • Instruction ID: 73e2aa8d0f89584d9776dabddeca5b5101313f09a8d42d55fff96765d7bfffd4
                                                                                                                                                                                • Opcode Fuzzy Hash: 6f768f49b781a27ae6d16747ae24e5d17b92cf190de6af7e5340ebec6d2b36c8
                                                                                                                                                                                • Instruction Fuzzy Hash: 11319E62B29A0A85EF289B14ECB4B792360FF48B88F501075D66D476F8EF7DD484C300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860E508 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CurrentDirectory
                                                                                                                                                                                • String ID: :
                                                                                                                                                                                • API String ID: 1611563598-336475711
                                                                                                                                                                                • Opcode ID: 8c7cbe61d742232bc3d3fc415a40953c8e653d5e74cbdf773f53cd6d2792877c
                                                                                                                                                                                • Instruction ID: bb0e5a7cbb6c7add6652c9456226e519b1411f4b0fc760a064e11e08efcbef33
                                                                                                                                                                                • Opcode Fuzzy Hash: 8c7cbe61d742232bc3d3fc415a40953c8e653d5e74cbdf773f53cd6d2792877c
                                                                                                                                                                                • Instruction Fuzzy Hash: 0F2106B2B2865181EB22CB31D04426E73B2FB88B44F664835E68C83285DF7ED9449B48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD4F2A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FFDFAD4C714), ref: 00007FFDFAD4F2C4
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_codepage_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB80
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB88
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: ___lc_locale_name_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BB91
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD7BB60: __pctype_func.API-MS-WIN-CRT-LOCALE-L1-1-0(?,?,?,00007FFDFAD460C3), ref: 00007FFDFAD7BBAD
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___lc_codepage_func___lc_locale_name_func___mb_cur_max_func__pctype_funclocaleconv
                                                                                                                                                                                • String ID: false$true
                                                                                                                                                                                • API String ID: 2502581279-2658103896
                                                                                                                                                                                • Opcode ID: 301857bc30490da287a4489088ad883958648a15a05d8d4515a5e11c852f87d0
                                                                                                                                                                                • Instruction ID: 272ad41ae57cdeed3e44f4ae4c984cdb1a23608623ddb64ff6767e6206a5f3a3
                                                                                                                                                                                • Opcode Fuzzy Hash: 301857bc30490da287a4489088ad883958648a15a05d8d4515a5e11c852f87d0
                                                                                                                                                                                • Instruction Fuzzy Hash: EF21B426608B8681E718DF21E8603AD37A0FB9CB98F840172DA9C0779DEF3CD655C780
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2770 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                • String ID: Fatal error detected
                                                                                                                                                                                • API String ID: 1878133881-4025702859
                                                                                                                                                                                • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                • Instruction ID: e907d6e4e71ac068530e4f9203b825cd4973e73ce9a45a1fa041fcbc52fc7d69
                                                                                                                                                                                • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                • Instruction Fuzzy Hash: DA21B672738B8181EB61DB60F4517EA6354FB94788F904035EA8D87A96DF3CD205CB44
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085F2880 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55windowCOMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                • String ID: Error detected
                                                                                                                                                                                • API String ID: 1878133881-3513342764
                                                                                                                                                                                • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                • Instruction ID: 87e9a2091f9a17bee63e005eec87aa377b98974e781b392ae51ad3ed6ad26a7d
                                                                                                                                                                                • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D21B672738A8281EB61DB60F4517EA6355FB94788F904035EA8D87A96DF3CD205CB48
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF6085FEFB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                                                                • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                • Instruction ID: fb69902e57dcfb1d1fb3770614fac66a3a565fe27e967eeb5bef6d440b766cdd
                                                                                                                                                                                • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                • Instruction Fuzzy Hash: 46114C32618B8182EB62CF25F44026977A4FB98B94F284231EE8D47B69DF3DD551CB04
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FF60860F00C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2908963506.00007FF6085F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6085F0000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2908943901.00007FF6085F0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2908991239.00007FF60861A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60862D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF608630000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909016680.00007FF60863C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2909075372.00007FF60863E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6085f0000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                • String ID: :
                                                                                                                                                                                • API String ID: 2595371189-336475711
                                                                                                                                                                                • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                • Instruction ID: b04e9a7423d479e95e4f531977e31b9cf776ea3c5bcad26e3c305914e60317b7
                                                                                                                                                                                • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                • Instruction Fuzzy Hash: 5F018F6192860286FB71EF70946227F23A0EF54708FA61035F64EC66D2DE2CE544EE1C
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD462F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAD462FD
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E52
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E78
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: memmove.VCRUNTIME140(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E90
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDFAD4631A
                                                                                                                                                                                Strings
                                                                                                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFDFAD46325
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$Getdaysmallocmemmove
                                                                                                                                                                                • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                • API String ID: 2126063425-3283725177
                                                                                                                                                                                • Opcode ID: 19172b7f1d8fd86e53b4c92c42e853e2f500bec4de106acdfd1e0df3deaa353d
                                                                                                                                                                                • Instruction ID: e41da3a6eb690e88be5d44f272c45738677fac7ff6ef3067652a07ec1cce1191
                                                                                                                                                                                • Opcode Fuzzy Hash: 19172b7f1d8fd86e53b4c92c42e853e2f500bec4de106acdfd1e0df3deaa353d
                                                                                                                                                                                • Instruction Fuzzy Hash: D4E0652171468281DB049F11F8547696360EF08BC8F484075DA2D0B39CEF3CD884C350
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD46A70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _W_Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAD46A7D
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44ED9
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44F08
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: memmove.VCRUNTIME140(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44F1F
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDFAD46A9A
                                                                                                                                                                                Strings
                                                                                                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece, xrefs: 00007FFDFAD46AA5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$Getmonthsmallocmemmove
                                                                                                                                                                                • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:Dece
                                                                                                                                                                                • API String ID: 794196016-2030377133
                                                                                                                                                                                • Opcode ID: 2fb82b146274993728365f3c32d4edda65052d150b6c3cd5ee71d8d9acc3ded8
                                                                                                                                                                                • Instruction ID: 615c11e8e31e32135e346e2449001709267dc71258852e157fdac86ce46473c9
                                                                                                                                                                                • Opcode Fuzzy Hash: 2fb82b146274993728365f3c32d4edda65052d150b6c3cd5ee71d8d9acc3ded8
                                                                                                                                                                                • Instruction Fuzzy Hash: CFE06D21709B8282EB489B11E8947692364EF48BC8F485075EA2E0739DEF3CD9C4C380
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD46360 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _Getmonths.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAD4636D
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E52
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E78
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44E30: memmove.VCRUNTIME140(?,?,?,00007FFDFAD52184,?,?,?,00007FFDFAD444CB,?,?,?,00007FFDFAD45B61), ref: 00007FFDFAD44E90
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDFAD4638A
                                                                                                                                                                                Strings
                                                                                                                                                                                • :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FFDFAD46395
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$Getmonthsmallocmemmove
                                                                                                                                                                                • String ID: :Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December
                                                                                                                                                                                • API String ID: 794196016-4232081075
                                                                                                                                                                                • Opcode ID: 7eff2af2b4b7094245c05c3c555f6c30dbb7206c7b40d35b22180ae4397d571a
                                                                                                                                                                                • Instruction ID: 5e85d65456c2a4a052eecf8b6d52233876154dfe38881a627bab7a82b4f27a00
                                                                                                                                                                                • Opcode Fuzzy Hash: 7eff2af2b4b7094245c05c3c555f6c30dbb7206c7b40d35b22180ae4397d571a
                                                                                                                                                                                • Instruction Fuzzy Hash: DBE06D21B08A8281EB089F11F9A57692361EF08BC8F480074EA2E073DCEF3CD994C780
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD46A20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                • _W_Getdays.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAD46A2D
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44ED9
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44F08
                                                                                                                                                                                  • Part of subcall function 00007FFDFAD44EB0: memmove.VCRUNTIME140(?,?,00000000,00007FFDFAD573DD,?,?,?,?,?,?,?,?,?,00007FFDFAD5B0AE), ref: 00007FFDFAD44F1F
                                                                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDFAD46A4A
                                                                                                                                                                                Strings
                                                                                                                                                                                • :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FFDFAD46A55
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free$Getdaysmallocmemmove
                                                                                                                                                                                • String ID: :Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
                                                                                                                                                                                • API String ID: 2126063425-3283725177
                                                                                                                                                                                • Opcode ID: 84740fbe6f333d340ea024f22d9ced2beb60f11fe24069681220285f231de6c7
                                                                                                                                                                                • Instruction ID: 6a657d84995c5615acacbd45435470f0f3edc1f28d048a37e79d432ca23579ca
                                                                                                                                                                                • Opcode Fuzzy Hash: 84740fbe6f333d340ea024f22d9ced2beb60f11fe24069681220285f231de6c7
                                                                                                                                                                                • Instruction Fuzzy Hash: 8CE03962708A4281EB189B11E89476923B0EF08BD8F545071EA2E07398EF3CD984C780
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD72BD0 Relevance: 5.0, APIs: 4, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                                • Opcode ID: 6cbbf61d4f498339fdb8b5d7e1bd687042271b7b5d1cbcf84079456293c3a47d
                                                                                                                                                                                • Instruction ID: db7fb020f75af8affba237475467018d4760d57a641e805890b4cc5e02c50578
                                                                                                                                                                                • Opcode Fuzzy Hash: 6cbbf61d4f498339fdb8b5d7e1bd687042271b7b5d1cbcf84079456293c3a47d
                                                                                                                                                                                • Instruction Fuzzy Hash: E3F0F432719B8192E7489B56EDA46782374FB8CBC4F145071EE6D43BA8EF3DE4658300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD59530 Relevance: 5.0, APIs: 4, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                                • Opcode ID: 0f4639281627e33a71996215544cb37a5b4a4b28b060cb3f80e636c0a37fe16d
                                                                                                                                                                                • Instruction ID: 9ef3231db70f7ba7d8eba77257045f0a260ed13a91390e175b059f2d9279e9d1
                                                                                                                                                                                • Opcode Fuzzy Hash: 0f4639281627e33a71996215544cb37a5b4a4b28b060cb3f80e636c0a37fe16d
                                                                                                                                                                                • Instruction Fuzzy Hash: 36F03132719A8192DB089B55ED646682334FB8CBC4F544071EE6D03BB8EF3DE4658300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD594C0 Relevance: 5.0, APIs: 4, Instructions: 27COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                                • Opcode ID: a288eaffa6a6565682472ea8c97331cf4f3970678be11ff7500168c3b594bcaf
                                                                                                                                                                                • Instruction ID: 00f7c5b6998109ff0512a75e530b1542077a7717b1c19bb103ecf17ee26d7eb1
                                                                                                                                                                                • Opcode Fuzzy Hash: a288eaffa6a6565682472ea8c97331cf4f3970678be11ff7500168c3b594bcaf
                                                                                                                                                                                • Instruction Fuzzy Hash: 52F03136719A8192DB089B56ED646683334FB8CB88F444070EE6D03BA8EF3DE4658300
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                Function 00007FFDFAD592B8 Relevance: 5.0, APIs: 4, Instructions: 16COMMON
                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000001.00000002.2909991264.00007FFDFAD41000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFAD40000, based on PE: true
                                                                                                                                                                                • Associated: 00000001.00000002.2909946771.00007FFDFAD40000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910067713.00007FFDFAD96000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910200263.00007FFDFADC4000.00000004.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                • Associated: 00000001.00000002.2910305836.00007FFDFADC8000.00000002.00000001.01000000.0000001C.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ffdfad40000_AutoDox_Scraper.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: free
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                                • Opcode ID: d8673d133505d90a48a4d09f9873bff407f04bd8d6ad9e64181c724ef3223973
                                                                                                                                                                                • Instruction ID: 8e690e5b80899195da14c4e94224fa39271e1bd91f4879d80499353a2cb69033
                                                                                                                                                                                • Opcode Fuzzy Hash: d8673d133505d90a48a4d09f9873bff407f04bd8d6ad9e64181c724ef3223973
                                                                                                                                                                                • Instruction Fuzzy Hash: 83E02F66B1598192EB18AF61DCA45382334FF9CF89B1C2071EE2E472A8DF2DD459C304
                                                                                                                                                                                Uniqueness

                                                                                                                                                                                Uniqueness Score: -1.00%