Windows Analysis Report
rQTI6IKszT.exe

Overview

General Information

Sample name: rQTI6IKszT.exe
renamed because original name is a hash value
Original sample name: fa8cf7b851ce2ea62a493d23bfa6bb340cd0f980b51d7ca694c90b4e276e1b64.exe
Analysis ID: 1487186
MD5: daa45a56bb222aee14337b90549880e3
SHA1: 9926047a67befc5935a68b58cef0a162d1679db9
SHA256: fa8cf7b851ce2ea62a493d23bfa6bb340cd0f980b51d7ca694c90b4e276e1b64
Tags: exef005-backblazeb2-com

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • rQTI6IKszT.exe (PID: 6696 cmdline: "C:\Users\user\Desktop\rQTI6IKszT.exe" MD5: DAA45A56BB222AEE14337B90549880E3)
    • conhost.exe (PID: 6744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rQTI6IKszT.exe (PID: 7052 cmdline: "C:\Users\user\Desktop\rQTI6IKszT.exe" MD5: DAA45A56BB222AEE14337B90549880E3)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: rQTI6IKszT.exe, Virustotal: Detection: 20%
Source: rQTI6IKszT.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659169549.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: rQTI6IKszT.exe, 00000002.00000002.1733347829.00007FFE007E1000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658935101.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660828773.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659762735.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: rQTI6IKszT.exe, 00000002.00000002.1733648230.00007FFE11510000.00000002.00000001.01000000.00000013.sdmp, pywintypes312.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659399292.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657337695.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1734117317.00007FFE126C5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1661357030.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: rQTI6IKszT.exe, 00000002.00000002.1733648230.00007FFE11510000.00000002.00000001.01000000.00000013.sdmp, pywintypes312.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660051407.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658398931.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660932789.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659949667.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1733782851.00007FFE11EBC000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660242992.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659097983.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1661357030.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: rQTI6IKszT.exe, 00000002.00000002.1731650956.00007FFDFB5F1000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659315231.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660828773.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660712600.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pythoncom.pdb}},GCTL source: rQTI6IKszT.exe, 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659949667.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdbGCTL source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657171790.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1735293812.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\shell.pdbkk%GCTL source: rQTI6IKszT.exe, 00000002.00000002.1733039291.00007FFE002C4000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659670237.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660450130.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660138107.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1658935101.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659570649.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659670237.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659851783.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: rQTI6IKszT.exe, 00000002.00000002.1735160625.00007FFE148E3000.00000002.00000001.01000000.00000008.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: rQTI6IKszT.exe, 00000002.00000002.1733509333.00007FFE10253000.00000002.00000001.01000000.00000016.sdmp, win32api.pyd.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660347309.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1658398931.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660553186.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659483833.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660347309.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: rQTI6IKszT.exe, 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: rQTI6IKszT.exe, 00000002.00000002.1734850080.00007FFE1322D000.00000002.00000001.01000000.00000009.sdmp, _ssl.pyd.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\shell.pdb source: rQTI6IKszT.exe, 00000002.00000002.1733039291.00007FFE002C4000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659762735.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: rQTI6IKszT.exe, 00000002.00000002.1733509333.00007FFE10253000.00000002.00000001.01000000.00000016.sdmp, win32api.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: rQTI6IKszT.exe, 00000002.00000002.1730880601.00007FFDFB0A9000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1657171790.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1735293812.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1661041102.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659399292.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660553186.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659315231.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660051407.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659017711.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657737954.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1734717034.00007FFE13207000.00000002.00000001.01000000.0000000C.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659097983.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660712600.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1661258475.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1661041102.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1658847241.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657421293.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1733940321.00007FFE11EDE000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659017711.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: rQTI6IKszT.exe, 00000002.00000002.1733347829.00007FFE007E1000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658053559.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1735031749.00007FFE13309000.00000002.00000001.01000000.00000007.sdmp, _socket.pyd.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1661258475.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1657337695.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1734117317.00007FFE126C5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: rQTI6IKszT.exe, 00000002.00000002.1729622815.00007FFDFACEF000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: rQTI6IKszT.exe, 00000002.00000002.1730880601.00007FFDFB141000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: rQTI6IKszT.exe, 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659169549.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660242992.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658847241.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1661149020.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: rQTI6IKszT.exe, 00000002.00000002.1730880601.00007FFDFB141000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659483833.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660932789.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pythoncom.pdb source: rQTI6IKszT.exe, 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660450130.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659250338.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1733782851.00007FFE11EBC000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659570649.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657955035.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1734588881.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659851783.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32trace.pdb source: win32trace.pyd.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660138107.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1661149020.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 0_2_00007FF704C07990 FindFirstFileExW,FindClose,0_2_00007FF704C07990
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 0_2_00007FF704C06C30 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF704C06C30
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 0_2_00007FF704C21C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF704C21C04
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 2_2_00007FF704C07990 FindFirstFileExW,FindClose,2_2_00007FF704C07990
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 2_2_00007FF704C21C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF704C21C04
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 2_2_00007FF704C06C30 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF704C06C30
Source: Joe Sandbox View IP Address: 149.137.136.16 149.137.136.16
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: f005.backblazeb2.com
Source: rQTI6IKszT.exe, 00000002.00000003.1681337336.0000025D018FA000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1724636762.0000025D01C10000.00000004.00001000.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01905000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: rQTI6IKszT.exe, 00000000.00000003.1657737954.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657955035.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658170982.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657582571.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658053559.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657421293.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rQTI6IKszT.exe, 00000000.00000003.1657737954.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658398931.000001A7470D0000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657955035.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658170982.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657582571.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658053559.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657421293.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: rQTI6IKszT.exe, 00000000.00000003.1657737954.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657955035.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658170982.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657582571.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658053559.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657421293.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: rQTI6IKszT.exe, 00000000.00000003.1657737954.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657955035.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658170982.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657582571.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1658053559.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000000.00000003.1657421293.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: rQTI6IKszT.exe, 00000002.00000002.1722058376.0000025D01A06000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719762366.0000025D01A06000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713451403.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707451058.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1716275628.0000025D01A04000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: rQTI6IKszT.exe, 00000002.00000002.1720849006.0000025D01810000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: rQTI6IKszT.exe, 00000002.00000003.1709485487.0000025D7FB1A000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707630418.0000025D7FAF5000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708856487.0000025D7FB19000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1694273643.0000025D7FB00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: rQTI6IKszT.exe, 00000002.00000003.1676463366.0000025D7FAC7000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1727063904.0000025D7F9A0000.00000004.00001000.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676664740.0000025D7FA85000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676695824.0000025D7FAF9000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676463366.0000025D7FAF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: rQTI6IKszT.exe, 00000002.00000002.1720348391.0000025D01410000.00000004.00001000.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1725521106.0000025D02070000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://f005.backblazeb2.com/file/exefiles-storage/z.zip
Source: rQTI6IKszT.exe, 00000002.00000002.1725521106.0000025D02070000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://f005.backblazeb2.com/file/exefiles-storage/z.zipP
Source: rQTI6IKszT.exe, 00000002.00000002.1720348391.0000025D01410000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://f005.backblazeb2.com/file/exefiles-storage/z.zipncom.py
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: String function: 00007FFDFF1941E0 appears 68 times
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: String function: 00007FFDFF1A8300 appears 248 times
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: String function: 00007FF704C01DB0 appears 36 times
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: String function: 00007FFDFF194B50 appears 77 times
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: String function: 00007FFDFF2BC16F appears 185 times
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: String function: 00007FFDFF241325 appears 261 times
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: String function: 00007FF704C01DF0 appears 110 times
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: String function: 00007FFDFF2BC181 appears 627 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: rQTI6IKszT.exe, 00000000.00000003.1660828773.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659169549.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1660712600.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1657737954.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1657955035.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1657171790.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1658170982.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1660932789.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659017711.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1657582571.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1656899439.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32ui.pyd0 vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1660051407.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1661149020.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1660450130.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659250338.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1660553186.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1658398931.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1661357030.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659399292.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659851783.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659097983.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1661258475.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659670237.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1658053559.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1660138107.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659949667.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659762735.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1661041102.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1658935101.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1660242992.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1660347309.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1657337695.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659483833.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659315231.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1657421293.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1659570649.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000000.00000003.1658847241.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe Binary or memory string: OriginalFilename vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1731309503.00007FFDFB1EA000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilenamepythoncom312.dll0 vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1733700613.00007FFE11521000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilenamepywintypes312.dll0 vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1735083186.00007FFE13313000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1735213299.00007FFE148E6000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1729858563.00007FFDFACF4000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1733862910.00007FFE11EC5000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1734638044.00007FFE130C6000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1733564605.00007FFE10261000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilenamelibsslH vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1734265750.00007FFE126C9000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1732443737.00007FFDFB890000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython312.dll. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1734954799.00007FFE13249000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1734013510.00007FFE11EE3000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1733219045.00007FFE00300000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilenameshell.pyd0 vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1734769642.00007FFE1320E000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1733421045.00007FFE0081C000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs rQTI6IKszT.exe
Source: rQTI6IKszT.exe, 00000002.00000002.1735346140.00007FFE1A469000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs rQTI6IKszT.exe
Source: classification engine Classification label: mal52.winEXE@4/70@1/1
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 0_2_00007FF704C01ED0 GetLastError,FormatMessageW,0_2_00007FF704C01ED0
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 2_2_00007FFDFF1A0F50 _PyArg_ParseTuple_SizeT,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,PyObject_IsInstance,PyErr_Occurred,PyExc_TypeError,PyErr_SetString,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_GetAttrString,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,_Py_Dealloc,PyEval_SaveThread,CoCreateInstance,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,2_2_00007FFDFF1A0F50
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6744:120:WilError_03
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962
Source: rQTI6IKszT.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: rQTI6IKszT.exe Virustotal: Detection: 20%
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File read: C:\Users\user\Desktop\rQTI6IKszT.exe
Source: unknown Process created: C:\Users\user\Desktop\rQTI6IKszT.exe "C:\Users\user\Desktop\rQTI6IKszT.exe"
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Process created: C:\Users\user\Desktop\rQTI6IKszT.exe "C:\Users\user\Desktop\rQTI6IKszT.exe"
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: python3.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: scrrun.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32
Source: rQTI6IKszT.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: rQTI6IKszT.exe Static file information: File size 13383948 > 1048576
Source: rQTI6IKszT.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: rQTI6IKszT.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: rQTI6IKszT.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: rQTI6IKszT.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: rQTI6IKszT.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: rQTI6IKszT.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: rQTI6IKszT.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: rQTI6IKszT.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659169549.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: rQTI6IKszT.exe, 00000002.00000002.1733347829.00007FFE007E1000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658935101.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660828773.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659762735.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: rQTI6IKszT.exe, 00000002.00000002.1733648230.00007FFE11510000.00000002.00000001.01000000.00000013.sdmp, pywintypes312.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659399292.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657337695.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1734117317.00007FFE126C5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1661357030.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: rQTI6IKszT.exe, 00000002.00000002.1733648230.00007FFE11510000.00000002.00000001.01000000.00000013.sdmp, pywintypes312.dll.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660051407.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658398931.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660932789.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659949667.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1733782851.00007FFE11EBC000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660242992.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659097983.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1661357030.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: rQTI6IKszT.exe, 00000002.00000002.1731650956.00007FFDFB5F1000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659315231.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660828773.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660712600.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pythoncom.pdb}},GCTL source: rQTI6IKszT.exe, 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659949667.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdbGCTL source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657171790.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1735293812.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\shell.pdbkk%GCTL source: rQTI6IKszT.exe, 00000002.00000002.1733039291.00007FFE002C4000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659670237.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660450130.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660138107.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1658935101.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659570649.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659670237.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659851783.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: rQTI6IKszT.exe, 00000002.00000002.1735160625.00007FFE148E3000.00000002.00000001.01000000.00000008.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: rQTI6IKszT.exe, 00000002.00000002.1733509333.00007FFE10253000.00000002.00000001.01000000.00000016.sdmp, win32api.pyd.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660347309.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1658398931.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660553186.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659483833.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: rQTI6IKszT.exe, 00000000.00000003.1658287133.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, _wmi.pyd.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660347309.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: rQTI6IKszT.exe, 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: rQTI6IKszT.exe, 00000002.00000002.1734850080.00007FFE1322D000.00000002.00000001.01000000.00000009.sdmp, _ssl.pyd.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\shell.pdb source: rQTI6IKszT.exe, 00000002.00000002.1733039291.00007FFE002C4000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659762735.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: rQTI6IKszT.exe, 00000002.00000002.1733509333.00007FFE10253000.00000002.00000001.01000000.00000016.sdmp, win32api.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: rQTI6IKszT.exe, 00000002.00000002.1730880601.00007FFDFB0A9000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1657171790.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1735293812.00007FFE1A463000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1661041102.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659399292.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660553186.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659315231.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660051407.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659017711.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657737954.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1734717034.00007FFE13207000.00000002.00000001.01000000.0000000C.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659097983.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660712600.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1661258475.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1661041102.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1658847241.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657421293.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1733940321.00007FFE11EDE000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659017711.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: rQTI6IKszT.exe, 00000002.00000002.1733347829.00007FFE007E1000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658053559.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1735031749.00007FFE13309000.00000002.00000001.01000000.00000007.sdmp, _socket.pyd.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1661258475.000001A7470C4000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1657337695.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1734117317.00007FFE126C5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: rQTI6IKszT.exe, 00000002.00000002.1729622815.00007FFDFACEF000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: rQTI6IKszT.exe, 00000002.00000002.1730880601.00007FFDFB141000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: rQTI6IKszT.exe, 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659169549.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660242992.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1658847241.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1661149020.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: rQTI6IKszT.exe, 00000002.00000002.1730880601.00007FFDFB141000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659483833.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660932789.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pythoncom.pdb source: rQTI6IKszT.exe, 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1660450130.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659250338.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: rQTI6IKszT.exe, 00000000.00000003.1657834592.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1733782851.00007FFE11EBC000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: rQTI6IKszT.exe, 00000000.00000003.1659570649.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: rQTI6IKszT.exe, 00000000.00000003.1657955035.000001A7470C3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1734588881.00007FFE130C3000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1659851783.000001A7470CA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32trace.pdb source: win32trace.pyd.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1660138107.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: rQTI6IKszT.exe, 00000000.00000003.1661149020.000001A7470CB000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: rQTI6IKszT.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: rQTI6IKszT.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: rQTI6IKszT.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: rQTI6IKszT.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: rQTI6IKszT.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-crt-multibyte-l1-1-0.dll.0.dr Static PE information: 0xE967F059 [Mon Feb 1 22:51:05 2094 UTC]
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 2_2_00007FFDFF1A8370 PySys_GetObject,PyLong_AsUnsignedLongMask,PyErr_Occurred,PyErr_Clear,?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,PyDict_SetItemString,PyDict_SetItemString,PyDict_SetItemString,PyType_Ready,PyType_Ready,PyType_Ready,PyType_Ready,_Py_NewReference,PyDict_SetItemString,_Py_NewReference,PyDict_SetItemString,_Py_NewReference,PyDict_SetItemString,_Py_NewReference,PyDict_SetItemString,?PyWinExc_COMError@@3PEAU_object@@EA,PyExc_MemoryError,PyErr_SetString,PyDict_SetItemString,PyDict_SetItemString,?PyWinExc_COMError@@3PEAU_object@@EA,PyDict_SetItemString,PyErr_NewException,PyDict_SetItemString,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_SetItemString,_Py_Dealloc,PyType_Ready,PyType_Ready,PyType_Ready,PyType_Ready,PyType_Ready,PyModule_Create2,PyDict_New,PyDict_SetItemString,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,Py_FrozenFlag,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_SetItemString,_Py_Dealloc,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_SetItemString,_Py_Dealloc,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_SetItemString,_Py_Dealloc,2_2_00007FFDFF1A8370
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
Source: python312.dll.0.dr Static PE information: section name: PyRuntim
Source: mfc140u.dll.0.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 2_2_00007FFDFF264021 push rcx; ret 2_2_00007FFDFF264022

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\rQTI6IKszT.exe Process created: "C:\Users\user\Desktop\rQTI6IKszT.exe"
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\_wmi.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-processenvironment-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\_hashlib.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\Pythonwin\mfc140u.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\win32\win32api.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\win32\win32trace.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\ucrtbase.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-synch-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-errorhandling-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-localization-l1-2-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\_lzma.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-file-l1-2-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-string-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-sysinfo-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-rtlsupport-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-debug-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\python312.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\_bz2.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\win32\_win32sysloader.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-util-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\charset_normalizer\md.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\pywin32_system32\pythoncom312.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\_queue.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\unicodedata.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\win32com\shell\shell.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\_socket.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\pywin32_system32\pywintypes312.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-console-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-multibyte-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\_decimal.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\libcrypto-3.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-convert-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-processthreads-l1-1-1.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\_ssl.pyd
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\libssl-3.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-profile-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-environment-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exe File created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-datetime-l1-1-0.dll
Source: C:\Users\user\Desktop\rQTI6IKszT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI66962\select.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C06120 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF704C06120
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\Pythonwin\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\win32\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\Pythonwin\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\pywin32_system32\pythoncom312.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\win32com\shell\shell.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\pywin32_system32\pywintypes312.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\select.pydJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI66962\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17908
Source: C:\Users\user\Desktop\rQTI6IKszT.exeAPI coverage: 1.2 %
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C07990 FindFirstFileExW,FindClose,0_2_00007FF704C07990
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C06C30 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF704C06C30
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C21C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF704C21C04
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FF704C07990 FindFirstFileExW,FindClose,2_2_00007FF704C07990
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FF704C21C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF704C21C04
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FF704C06C30 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF704C06C30
Source: cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: rQTI6IKszT.exe, 00000002.00000003.1714348834.0000025D7FAB3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707630418.0000025D7FA75000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711566463.0000025D7FAA9000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719135962.0000025D7FAB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW]
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C1A668 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF704C1A668
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FFDFF1A8370 PySys_GetObject,PyLong_AsUnsignedLongMask,PyErr_Occurred,PyErr_Clear,?PyWinGlobals_Ensure@@YAHXZ,PyModule_Create2,PyModule_GetDict,PyDict_SetItemString,PyDict_SetItemString,PyDict_SetItemString,PyType_Ready,PyType_Ready,PyType_Ready,PyType_Ready,_Py_NewReference,PyDict_SetItemString,_Py_NewReference,PyDict_SetItemString,_Py_NewReference,PyDict_SetItemString,_Py_NewReference,PyDict_SetItemString,?PyWinExc_COMError@@3PEAU_object@@EA,PyExc_MemoryError,PyErr_SetString,PyDict_SetItemString,PyDict_SetItemString,?PyWinExc_COMError@@3PEAU_object@@EA,PyDict_SetItemString,PyErr_NewException,PyDict_SetItemString,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_SetItemString,_Py_Dealloc,PyType_Ready,PyType_Ready,PyType_Ready,PyType_Ready,PyType_Ready,PyModule_Create2,PyDict_New,PyDict_SetItemString,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,LoadLibraryW,GetProcAddress,Py_FrozenFlag,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_SetItemString,_Py_Dealloc,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_SetItemString,_Py_Dealloc,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_SetItemString,_Py_Dealloc,2_2_00007FFDFF1A8370
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C23810 GetProcessHeap,0_2_00007FF704C23810
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C1A668 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF704C1A668
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C0AFB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF704C0AFB0
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C0B84C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF704C0B84C
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C0B9F0 SetUnhandledExceptionFilter,0_2_00007FF704C0B9F0
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FF704C1A668 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF704C1A668
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FF704C0AFB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF704C0AFB0
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FF704C0B84C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF704C0B84C
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FF704C0B9F0 SetUnhandledExceptionFilter,2_2_00007FF704C0B9F0
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FFDFABE2A70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFABE2A70
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FFDFABE3028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFABE3028
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FFDFF1E9664 SetUnhandledExceptionFilter,2_2_00007FFDFF1E9664
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FFDFF1E947C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFF1E947C
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 2_2_00007FFDFF1E8AE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFF1E8AE4
Source: C:\Users\user\Desktop\rQTI6IKszT.exeProcess created: C:\Users\user\Desktop\rQTI6IKszT.exe "C:\Users\user\Desktop\rQTI6IKszT.exe"Jump to behavior
Source: rQTI6IKszT.exe, 00000002.00000002.1725521106.0000025D020FC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fDOF_PROGMAN
Source: rQTI6IKszT.exe, 00000002.00000003.1707280335.0000025D021CE000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1725521106.0000025D020FC000.00000004.00001000.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707280335.0000025D02177000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DOF_PROGMAN
Source: C:\Users\user\Desktop\rQTI6IKszT.exeCode function: 0_2_00007FF704C29900 cpuid 0_2_00007FF704C29900
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\ucrtbase.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exeQueries volume information: C:\Users\user\Desktop\rQTI6IKszT.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962 VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\win32 VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\charset_normalizer\md__mypyc.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\win32\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\win32com VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.12\__init__.py VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.12\dicts.dat VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI66962\win32com\shell VolumeInformation
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 0_2_00007FF704C0B730 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF704C0B730
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 0_2_00007FF704C25F90 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF704C25F90
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 2_2_00007FFDFF1A2F40 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,CreateBindCtx,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,PyEval_SaveThread,MkParseDisplayName,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_Dealloc,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,_Py_BuildValue_SizeT,2_2_00007FFDFF1A2F40
Source: C:\Users\user\Desktop\rQTI6IKszT.exe Code function: 2_2_00007FFDFF1A40C0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,CreateBindCtx,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,2_2_00007FFDFF1A40C0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 12 Process Injection | 12 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
rQTI6IKszT.exe | 20% | Virustotal | | Browse
rQTI6IKszT.exe | 8% | ReversingLabs | Win64.Malware.Generic |
No Antivirus matches
Source | Detection | Scanner | Label | Link
f005.backblazeb2.com | 1% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
f005.backblazeb2.com | 149.137.136.16 | true | false | | unknown
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0205/rQTI6IKszT.exe, 00000002.00000002.1728464912.0000025D7FCA0000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.dhimyotis.com/certignarootca.crlrQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01AB6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713859501.0000025D01AB4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713550163.0000025D01AAF000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712559371.0000025D01AAC000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712068262.0000025D01AA1000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714113379.0000025D01AC6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715530556.0000025D01AD1000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://curl.haxx.se/rfc/cookie_spec.htmlrQTI6IKszT.exe, 00000002.00000002.1724636762.0000025D01C10000.00000004.00001000.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://ocsp.accv.esrQTI6IKszT.exe, 00000002.00000003.1708262047.0000025D7FEF2000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707758790.0000025D7FEA6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712427203.0000025D7FF2F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1694361944.0000025D7FEA6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719867327.0000025D7FF31000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709320106.0000025D7FF01000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711651210.0000025D7FF2D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1729126812.0000025D7FF31000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715410727.0000025D7FF2F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711241419.0000025D7FF04000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://repository.swisssign.com/rQTI6IKszT.exe, 00000002.00000003.1716275628.0000025D01A04000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyrQTI6IKszT.exe, 00000002.00000002.1724636762.0000025D01C10000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688rQTI6IKszT.exe, 00000002.00000002.1727063904.0000025D7F920000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://httpbin.org/getrQTI6IKszT.exe, 00000002.00000002.1724748307.0000025D01D10000.00000004.00001000.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714543943.0000025D7FE6D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709221400.0000025D7FE13000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709485487.0000025D7FAF5000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1694510069.0000025D7FE60000.00000004.00000020.00020000.00000000.sdmpfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.xrampsecurity.com/XGCA.crlrQTI6IKszT.exe, 00000002.00000003.1719353046.0000025D019C6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1721974884.0000025D019F6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713451403.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719804823.0000025D019ED000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707451058.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719762366.0000025D019D5000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.python.orgrQTI6IKszT.exe, 00000002.00000003.1714348834.0000025D7FAB3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707630418.0000025D7FA75000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719154285.0000025D7FAB6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711566463.0000025D7FAA9000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719563246.0000025D7FAB6000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.accv.es/legislacion_c.htm0UrQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712068262.0000025D01AA1000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://wwww.certigna.fr/autorites/0mrQTI6IKszT.exe, 00000002.00000003.1715013134.0000025D0183C000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710470167.0000025D0183B000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713232079.0000025D0183C000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714727967.0000025D7FDAD000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://ocsp.accv.es0rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713337413.0000025D01AA0000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713132475.0000025D01A9F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://ocsp.dirQTI6IKszT.exe, 00000000.00000003.1657582571.000001A7470C3000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.python.org/rQTI6IKszT.exe, 00000002.00000003.1712370195.0000025D01884000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709352384.0000025D0185F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708058891.0000025D0185A000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1680182971.0000025D0191D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1680182971.0000025D018DA000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711674333.0000025D01883000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.accv.es/legislacion_c.htm7rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713337413.0000025D01A91000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713550163.0000025D01A97000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerrQTI6IKszT.exe, 00000002.00000003.1717295625.0000025D7F45E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1716388202.0000025D7F45E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709994158.0000025D7F45D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676779823.0000025D7FA90000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1727789104.0000025D7FA91000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709967245.0000025D7F43F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719648069.0000025D7F461000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707630418.0000025D7FA75000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708739428.0000025D7F434000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719696691.0000025D7FA91000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1716859073.0000025D7FA8D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1726883550.0000025D7F461000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1717716972.0000025D7F45F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714372458.0000025D7FA78000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1717105734.0000025D7F45E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1717343423.0000025D7FA91000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676664740.0000025D7FA85000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/issues/86361.rQTI6IKszT.exe, 00000002.00000003.1677748453.0000025D7FED6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715953759.0000025D7FE1E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709221400.0000025D7FE13000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://json.orgrQTI6IKszT.exe, 00000002.00000003.1694510069.0000025D7FE60000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://httpbin.org/rQTI6IKszT.exe, 00000002.00000003.1694510069.0000025D7FE60000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://wwww.certigna.fr/autorites/rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01AB6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1722254595.0000025D01ACE000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713859501.0000025D01AB4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713550163.0000025D01AAF000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712559371.0000025D01AAC000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712068262.0000025D01AA1000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714113379.0000025D01AC6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://repository.swisssign.com/prQTI6IKszT.exe, 00000002.00000002.1722058376.0000025D01A06000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719762366.0000025D01A06000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713451403.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707451058.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1716275628.0000025D01A04000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/howto/mro.html.rQTI6IKszT.exe, 00000002.00000003.1676463366.0000025D7FAC7000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1727063904.0000025D7F9A0000.00000004.00001000.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676664740.0000025D7FA85000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676695824.0000025D7FAF9000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676463366.0000025D7FAF4000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://twitter.com/rQTI6IKszT.exe, 00000002.00000003.1681378542.0000025D7FE3E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713312003.0000025D7FE6C000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707758790.0000025D7FE64000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707630418.0000025D7FA75000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709485487.0000025D7FAD3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711427682.0000025D7FAD5000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708926055.0000025D7FABE000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714543943.0000025D7FE6D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714048300.0000025D7FADE000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1694510069.0000025D7FE60000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.quovadisglobal.com/cpsrQTI6IKszT.exe, 00000002.00000003.1719353046.0000025D019C6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713451403.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719804823.0000025D019ED000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707451058.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719762366.0000025D019D5000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535rQTI6IKszT.exe, 00000002.00000003.1708262047.0000025D7FEF2000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707758790.0000025D7FEA6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712427203.0000025D7FF2F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708262047.0000025D7FF79000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1694361944.0000025D7FEA6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709067858.0000025D7FF79000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719867327.0000025D7FF31000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709320106.0000025D7FF01000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1680700639.0000025D7FF79000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711651210.0000025D7FF2D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1729126812.0000025D7FF31000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715410727.0000025D7FF2F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1680785468.0000025D7FF2C000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1694179114.0000025D7FF79000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1681170956.0000025D7FF2C000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711241419.0000025D7FF04000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1729234913.0000025D7FF79000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1681170956.0000025D7FF79000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 
00000002.00000003.1718776234.0000025D7FF79000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syrQTI6IKszT.exe, 00000002.00000003.1717295625.0000025D7F45E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1716388202.0000025D7F45E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709994158.0000025D7F45D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676779823.0000025D7FA90000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1727789104.0000025D7FA91000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709967245.0000025D7F43F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719648069.0000025D7F461000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707630418.0000025D7FA75000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708739428.0000025D7F434000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719696691.0000025D7FA91000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1716859073.0000025D7FA8D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1726883550.0000025D7F461000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1717716972.0000025D7F45F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714372458.0000025D7FA78000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1717105734.0000025D7F45E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1717343423.0000025D7FA91000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1676664740.0000025D7FA85000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://google.com/rQTI6IKszT.exe, 00000002.00000003.1681378542.0000025D7FE3E000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715059314.0000025D0188A000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713312003.0000025D7FE6C000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712479194.0000025D7FDEF000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707758790.0000025D7FE64000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712370195.0000025D01889000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710195115.0000025D7FDEE000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711716662.0000025D01886000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707630418.0000025D7FA75000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714566665.0000025D0188A000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709485487.0000025D7FAD3000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1680335010.0000025D01888000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709352384.0000025D0185F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715297737.0000025D0188F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713903757.0000025D7FDF0000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711427682.0000025D7FAD5000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708058891.0000025D0185A000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708926055.0000025D7FABE000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714543943.0000025D7FE6D000.00000004.00000020.00020000.00000000.sdmp, 
rQTI6IKszT.exe, 00000002.00000003.1711674333.0000025D01883000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714048300.0000025D7FADE000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://google.com/mail/rQTI6IKszT.exe, 00000002.00000003.1714372458.0000025D7FA78000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.python.org/psf/license/rQTI6IKszT.exe, 00000002.00000002.1732116866.00007FFDFB768000.00000008.00000001.01000000.00000005.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://google.com/mail/rQTI6IKszT.exe, 00000002.00000002.1720849006.0000025D01810000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.securetrust.com/STCA.crlrQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D019C4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712330181.0000025D01A09000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707451058.0000025D019C4000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://wwwsearch.sf.net/):rQTI6IKszT.exe, 00000002.00000002.1720849006.0000025D01810000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0rQTI6IKszT.exe, 00000002.00000003.1708262047.0000025D7FEF2000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707758790.0000025D7FEA6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712427203.0000025D7FF2F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1694361944.0000025D7FEA6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1719867327.0000025D7FF31000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1709320106.0000025D7FF01000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713337413.0000025D01AA0000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711651210.0000025D7FF2D000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713132475.0000025D01A9F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1729126812.0000025D7FF31000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715410727.0000025D7FF2F000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711241419.0000025D7FF04000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.accv.es/legislacion_c.htmrQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713337413.0000025D01A91000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713550163.0000025D01A97000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://tools.ietf.org/html/rfc6125#section-6.4.3rQTI6IKszT.exe, 00000002.00000002.1720737197.0000025D01710000.00000004.00001000.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://f005.backblazeb2.com/file/exefiles-storage/z.zipPrQTI6IKszT.exe, 00000002.00000002.1725521106.0000025D02070000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.xrampsecurity.com/XGCA.crl0rQTI6IKszT.exe, 00000002.00000003.1714954402.0000025D7FE67000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707758790.0000025D7FE64000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1694510069.0000025D7FE60000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.openssl.org/HrQTI6IKszT.exe, 00000002.00000002.1731309503.00007FFDFB1EA000.00000002.00000001.01000000.0000000B.sdmp, rQTI6IKszT.exe, 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmpfalse
  • URL Reputation: safe
unknown
http://crl.certigna.fr/certignarootca.crl01rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01AB6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713859501.0000025D01AB4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713550163.0000025D01AAF000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715013134.0000025D0183C000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712559371.0000025D01AAC000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712068262.0000025D01AA1000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710470167.0000025D0183B000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714113379.0000025D01AC6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713232079.0000025D0183C000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715530556.0000025D01AD1000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714727967.0000025D7FDAD000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.cert.fnmt.es/dpcs/rQTI6IKszT.exe, 00000002.00000003.1693615490.0000025D01AB6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1716252522.0000025D018D2000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000002.1722254595.0000025D01ACE000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710129938.0000025D018B5000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713170577.0000025D018B6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713859501.0000025D01AB4000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1713550163.0000025D01AAF000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712559371.0000025D01AAC000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1707382259.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1712068262.0000025D01AA1000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1715100457.0000025D018B6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708058891.0000025D0185A000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1714113379.0000025D01AC6000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1710646906.0000025D01A87000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1708787226.0000025D01897000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1711976657.0000025D01A88000.00000004.00000020.00020000.00000000.sdmp, rQTI6IKszT.exe, 00000002.00000003.1716166030.0000025D018BE000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://google.com/mail
Source:rQTI6IKszT.exe
Malicious:false
  • Avira URL Cloud: safe
unknown
http://www.accv.es00
Source:rQTI6IKszT.exe
Malicious:false
  • URL Reputation: safe
unknown
https://www.python.org/psf/license/)
Source:rQTI6IKszT.exe, 00000002.00000002.1731650956.00007FFDFB5F1000.00000002.00000001.01000000.00000005.sdmp
Malicious:false
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source:rQTI6IKszT.exe, 00000002.00000003.1676664740.0000025D7FA85000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • Avira URL Cloud: safe
unknown
https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source:rQTI6IKszT.exe, 00000002.00000002.1724748307.0000025D01D10000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0263/
Source:rQTI6IKszT.exe, 00000002.00000002.1731650956.00007FFDFB5F1000.00000002.00000001.01000000.00000005.sdmp
Malicious:false
  • Avira URL Cloud: safe
unknown
https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source:rQTI6IKszT.exe, 00000002.00000002.1720659321.0000025D01610000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
  • Avira URL Cloud: safe
unknown
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source:rQTI6IKszT.exe
Malicious:false
  • Avira URL Cloud: safe
unknown
https://github.com/psf/requests/pull/6710
Source:rQTI6IKszT.exe, 00000002.00000002.1724748307.0000025D01D10000.00000004.00001000.00020000.00000000.sdmp
Malicious:false
  • Avira URL Cloud: safe
unknown
IP:149.137.136.16
Domain:f005.backblazeb2.com
Country:United States
ASN:30103
ASN Name:ZOOM-VIDEO-COMM-ASUS
Malicious:false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1487186
Start date and time:2024-08-03 09:55:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 41s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:3
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:rQTI6IKszT.exe
renamed because original name is a hash value
Original Sample Name:fa8cf7b851ce2ea62a493d23bfa6bb340cd0f980b51d7ca694c90b4e276e1b64.exe
Detection:MAL
Classification:mal52.winEXE@4/70@1/1
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtEnumerateKey calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
No simulations
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):5653424
                                                              Entropy (8bit):6.729277267882055
                                                              Encrypted:false
                                                              SSDEEP:49152:EuEsNcEc8/CK4b11P5ViH8gw0+NVQD5stWIlE7lva8iposS9j5fzSQzs7ID+AVuS:EnL8+5fiEnQFLOAkGkzdnEVomFHKnPS
                                                              MD5:03A161718F1D5E41897236D48C91AE3C
                                                              SHA1:32B10EB46BAFB9F81A402CB7EFF4767418956BD4
                                                              SHA-256:E06C4BD078F4690AA8874A3DEB38E802B2A16CCB602A7EDC2E077E98C05B5807
                                                              SHA-512:7ABCC90E845B43D264EE18C9565C7D0CBB383BFD72B9CEBB198BA60C4A46F56DA5480DA51C90FF82957AD4C84A4799FA3EB0CEDFFAA6195F1315B3FF3DA1BE47
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: aznuril.exe, Detection: malicious
                                                              • Filename: LisectAVT_2403002A_161.exe, Detection: malicious
                                                              • Filename: LisectAVT_2403002A_210.exe, Detection: malicious
                                                              • Filename: LisectAVT_2403002A_396.exe, Detection: malicious
                                                              • Filename: LisectAVT_2403002A_260.exe, Detection: malicious
                                                              • Filename: LisectAVT_2403002A_204.exe, Detection: malicious
                                                              • Filename: Restortion.clinic.exe, Detection: malicious
                                                              • Filename: 792ead8a.exe, Detection: malicious
                                                              • Filename: 231210-10-Creal-33652f.exe, Detection: malicious
                                                              • Filename: 0x000700000001ac52-36.exe, Detection: malicious
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1143296
                                                              Entropy (8bit):6.04321542540882
                                                              Encrypted:false
                                                              SSDEEP:12288:DQWktPIBhxB0RsErMzOFvYREzZMi2aNj5ppbRSogazu:DQWoihT0F9YRYfjnp44
                                                              MD5:D335339C3508604925016C1F3EE0600D
                                                              SHA1:2AAA7BA6171E4887D942D03010D7D1B1B94257E4
                                                              SHA-256:8B992A0333990A255C6DF4395AE2E4153300596D75C7FBD17780214FB359B6A7
                                                              SHA-512:AC6AB6054A93261E6547C58EE7BA191129A0B87D86C6D15DA34FEDF90764949DAF5C1AE39AA06503487D420F6867DF796E3F1D75F16E246712E0E53E40552D13
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: SecuriteInfo.com.Win64.SpywareX-gen.27721.19030.exe, Detection: malicious
                                                              • Filename: SecuriteInfo.com.FileRepMalware.32346.10249.exe, Detection: malicious
                                                              • Filename: r0gv5UI76Q.exe, Detection: malicious
                                                              • Filename: SecuriteInfo.com.Win64.Evo-gen.32605.13708.exe, Detection: malicious
                                                              • Filename: SecuriteInfo.com.FileRepMalware.20476.21704.exe, Detection: malicious
                                                              • Filename: DruloMF_Rebrand.exe, Detection: malicious
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):119192
                                                              Entropy (8bit):6.6016214745004635
                                                              Encrypted:false
                                                              SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                              MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                              SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                              SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                              SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):49528
                                                              Entropy (8bit):6.662491747506177
                                                              Encrypted:false
                                                              SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                              MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                              SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                              SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                              SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):85272
                                                              Entropy (8bit):6.593462846910602
                                                              Encrypted:false
                                                              SSDEEP:1536:i2sz7yc51BVo1QX/FPI11IK1cDm015ssO687sjkD1ISCV087Syyxt+:dsz2c5eQXB4am05spd7MkD1ISCVzL
                                                              MD5:5BEBC32957922FE20E927D5C4637F100
                                                              SHA1:A94EA93EE3C3D154F4F90B5C2FE072CC273376B3
                                                              SHA-256:3ED0E5058D370FB14AA5469D81F96C5685559C054917C7280DD4125F21D25F62
                                                              SHA-512:AFBE80A73EE9BD63D9FFA4628273019400A75F75454667440F43BEB253091584BF9128CBB78AE7B659CE67A5FAEFDBA726EDB37987A4FE92F082D009D523D5D6
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):257304
                                                              Entropy (8bit):6.565489271518002
                                                              Encrypted:false
                                                              SSDEEP:6144:vnXBJvhy8AJOMg4hmRWw710z4ez9qWM53pLW1AW/ZJJJWtCk1mGc:ByJJOMiRW+10EHFpNc
                                                              MD5:492C0C36D8ED1B6CA2117869A09214DA
                                                              SHA1:B741CAE3E2C9954E726890292FA35034509EF0F6
                                                              SHA-256:B8221D1C9E2C892DD6227A6042D1E49200CD5CB82ADBD998E4A77F4EE0E9ABF1
                                                              SHA-512:B8F1C64AD94DB0252D96082E73A8632412D1D73FB8095541EE423DF6F00BC417A2B42C76F15D7E014E27BAAE0EF50311C3F768B1560DB005A522373F442E4BE0
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):66328
                                                              Entropy (8bit):6.2279606895285875
                                                              Encrypted:false
                                                              SSDEEP:1536:JgHpgE4Z27b4ZWZnEmIAtISOIx7SyZUxN:i14ZeEmIAtISOIx7+
                                                              MD5:DA02CEFD8151ECB83F697E3BD5280775
                                                              SHA1:1C5D0437EB7E87842FDE55241A5F0CA7F0FC25E7
                                                              SHA-256:FD77A5756A17EC0788989F73222B0E7334DD4494B8C8647B43FE554CF3CFB354
                                                              SHA-512:A13BC5C481730F48808905F872D92CB8729CC52CFB4D5345153CE361E7D6586603A58B964A1EBFD77DD6222B074E5DCCA176EAAEFECC39F75496B1F8387A2283
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):160024
                                                              Entropy (8bit):6.854257867628366
                                                              Encrypted:false
                                                              SSDEEP:3072:Bsvkxuqgo7e2uONqG+hi+CSznfF9mNopXnmnu1ISZ1Vk:BnuFo7Jg1NYOp2uO
                                                              MD5:195DEFE58A7549117E06A57029079702
                                                              SHA1:3795B02803CA37F399D8883D30C0AA38AD77B5F2
                                                              SHA-256:7BF9FF61BABEBD90C499A8ED9B62141F947F90D87E0BBD41A12E99D20E06954A
                                                              SHA-512:C47A9B1066DD9744C51ED80215BD9645AAB6CC9D6A3F9DF99F618E3DD784F6C7CE6F53EABE222CF134EE649250834193D5973E6E88F8A93151886537C62E2E2B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):32536
                                                              Entropy (8bit):6.5090721419869135
                                                              Encrypted:false
                                                              SSDEEP:768:xOz+R6rbVKMoNpISQUA5YiSyv86lAMxkEzc:xjgbVJoNpISQUS7SyU6dxPc
                                                              MD5:B7E5FBD7EF3EEFFF8F502290C0E2B259
                                                              SHA1:9DECBA47B1CDB0D511B58C3146D81644E56E3611
                                                              SHA-256:DBDABB5FE0CCBC8B951A2C6EC033551836B072CAB756AAA56B6F22730080D173
                                                              SHA-512:B7568B9DF191347D1A8D305BD8DDD27CBFA064121C785FA2E6AFEF89EC330B60CAFC366BE2B22409D15C9434F5E46E36C5CBFB10783523FDCAC82C30360D36F7
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):83736
                                                              Entropy (8bit):6.32286800032437
                                                              Encrypted:false
                                                              SSDEEP:1536:ldcydNgIznrvGvLfo4o7zfqwXJ9/s+S+pzo08/n1IsJhv6cpISLwV97Sy7UxV:l6ydrr+DgxjqwXJ9/sT+pzoN1IwhScpf
                                                              MD5:DD8FF2A3946B8E77264E3F0011D27704
                                                              SHA1:A2D84CFC4D6410B80EEA4B25E8EFC08498F78990
                                                              SHA-256:B102522C23DAC2332511EB3502466CAF842D6BCD092FBC276B7B55E9CC01B085
                                                              SHA-512:958224A974A3449BCFB97FAAB70C0A5B594FA130ADC0C83B4E15BDD7AAB366B58D94A4A9016CB662329EA47558645ACD0E0CC6DF54F12A81AC13A6EC0C895CD8
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):178968
                                                              Entropy (8bit):5.9687584339585324
                                                              Encrypted:false
                                                              SSDEEP:3072:AHtmUArl7bOGLbfbmeq2wfq6XDQJsY2GvMe1ba+VRJNI7IM/H9o/PCrXuI51ISCQ:Ym5lfOGLbjBOq6XD4MejTGl
                                                              MD5:C87C5890039C3BDB55A8BC189256315F
                                                              SHA1:84EF3C2678314B7F31246471B3300DA65CB7E9DE
                                                              SHA-256:A5D361707F7A2A2D726B20770E8A6FC25D753BE30BCBCBBB683FFEE7959557C2
                                                              SHA-512:E750DC36AE00249ED6DA1C9D816F1BD7F8BC84DDEA326C0CD0410DBCFB1A945AAC8C130665BFACDCCD1EE2B7AC097C6FF241BFC6CC39017C9D1CDE205F460C44
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):37656
                                                              Entropy (8bit):6.341970590218289
                                                              Encrypted:false
                                                              SSDEEP:768:9mqQhTcYv/NxO01ISCiO5YiSyvoAMxkEzef:9m7GINxO01ISCik7SyOxvef
                                                              MD5:8A9A59559C614FC2BCEBB50073580C88
                                                              SHA1:4E4CED93F2CB5FE6A33C1484A705E10A31D88C4D
                                                              SHA-256:752FB80EDB51F45D3CC1C046F3B007802432B91AEF400C985640D6B276A67C12
                                                              SHA-512:9B17C81FF89A41307740371CB4C2F5B0CF662392296A7AB8E5A9EBA75224B5D9C36A226DCE92884591636C343B8238C19EF61C1FDF50CC5AA2DA86B1959DB413
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22112
                                                              Entropy (8bit):4.744270711412692
                                                              Encrypted:false
                                                              SSDEEP:192:zFOhcWqhWpvWEXCVWQ4iWwklRxwVIX01k9z3AROVaz4ILS:zFlWqhWpk6R9zeU0J2
                                                              MD5:E8B9D74BFD1F6D1CC1D99B24F44DA796
                                                              SHA1:A312CFC6A7ED7BF1B786E5B3FD842A7EEB683452
                                                              SHA-256:B1B3FD40AB437A43C8DB4994CCFFC7F88000CC8BB6E34A2BCBFF8E2464930C59
                                                              SHA-512:B74D9B12B69DB81A96FC5A001FD88C1E62EE8299BA435E242C5CB2CE446740ED3D8A623E1924C2BC07BFD9AEF7B2577C9EC8264E53E5BE625F4379119BAFCC27
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.602255667966723
                                                              Encrypted:false
                                                              SSDEEP:192:NWqhWEWEXCVWQ4cRWvBQrVXC4dlgX01k9z3AUj7W6SxtR:NWqhWPlZVXC4deR9zVj7QR
                                                              MD5:CFE0C1DFDE224EA5FED9BD5FF778A6E0
                                                              SHA1:5150E7EDD1293E29D2E4D6BB68067374B8A07CE6
                                                              SHA-256:0D0F80CBF476AF5B1C9FD3775E086ED0DFDB510CD0CC208EC1CCB04572396E3E
                                                              SHA-512:B0E02E1F19CFA7DE3693D4D63E404BDB9D15527AC85A6D492DB1128BB695BFFD11BEC33D32F317A7615CB9A820CD14F9F8B182469D65AF2430FFCDBAD4BD7000
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.606873381830854
                                                              Encrypted:false
                                                              SSDEEP:192:T0WqhWnWEXCVWQ4mW5ocADB6ZX01k9z3AkprGvV:T0WqhW8VcTR9zJpr4V
                                                              MD5:33BBECE432F8DA57F17BF2E396EBAA58
                                                              SHA1:890DF2DDDFDF3EECCC698312D32407F3E2EC7EB1
                                                              SHA-256:7CF0944901F7F7E0D0B9AD62753FC2FE380461B1CCE8CDC7E9C9867C980E3B0E
                                                              SHA-512:619B684E83546D97FC1D1BC7181AD09C083E880629726EE3AF138A9E4791A6DCF675A8DF65DC20EDBE6465B5F4EAC92A64265DF37E53A5F34F6BE93A5C2A7AE5
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.65169290018864
                                                              Encrypted:false
                                                              SSDEEP:192:qzmxD3T4qLWqhW2WJWadJCsVWQ4mW/xNVAv+cQ0GX01k9z3ARoanSwT44:qzQVWqhWTCsiNbZR9zQoUSwTJ
                                                              MD5:EB0978A9213E7F6FDD63B2967F02D999
                                                              SHA1:9833F4134F7AC4766991C918AECE900ACFBF969F
                                                              SHA-256:AB25A1FE836FC68BCB199F1FE565C27D26AF0C390A38DA158E0D8815EFE1103E
                                                              SHA-512:6F268148F959693EE213DB7D3DB136B8E3AD1F80267D8CBD7D5429C021ADACCC9C14424C09D527E181B9C9B5EA41765AFF568B9630E4EB83BFC532E56DFE5B63
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26216
                                                              Entropy (8bit):4.866487428274293
                                                              Encrypted:false
                                                              SSDEEP:192:gaNYPvVX8rFTsCWqhWVWEXCVWQ4mWPJlBLrp0KBQfX01k9z3ALkBw:WPvVX8WqhWiyBRxB+R9z2kBw
                                                              MD5:EFAD0EE0136532E8E8402770A64C71F9
                                                              SHA1:CDA3774FE9781400792D8605869F4E6B08153E55
                                                              SHA-256:3D2C55902385381869DB850B526261DDEB4628B83E690A32B67D2E0936B2C6ED
                                                              SHA-512:69D25EDF0F4C8AC5D77CB5815DFB53EAC7F403DC8D11BFE336A545C19A19FFDE1031FA59019507D119E4570DA0D79B95351EAC697F46024B4E558A0FF6349852
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.619913450163593
                                                              Encrypted:false
                                                              SSDEEP:192:iDGaWqhWhWJWadJCsVWQ4mWd9afKUSIX01k9z3AEXzAU9:i6aWqhWACs92IR9z5EU9
                                                              MD5:1C58526D681EFE507DEB8F1935C75487
                                                              SHA1:0E6D328FAF3563F2AAE029BC5F2272FB7A742672
                                                              SHA-256:EF13DCE8F71173315DFC64AB839B033AB19A968EE15230E9D4D2C9D558EFEEE2
                                                              SHA-512:8EDB9A0022F417648E2ECE9E22C96E2727976332025C3E7D8F15BCF6D7D97E680D1BF008EB28E2E0BD57787DCBB71D38B2DEB995B8EDC35FA6852AB1D593F3D1
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18696
                                                              Entropy (8bit):7.054510010549814
                                                              Encrypted:false
                                                              SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                              MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                              SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                              SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                              SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.625331165566263
                                                              Encrypted:false
                                                              SSDEEP:192:qzWqhWxWJWadJCsVWQ4mW8RJLNVAv+cQ0GX01k9z3ARo8ef3uBJu:qzWqhWwCsjNbZR9zQoEzu
                                                              MD5:E89CDCD4D95CDA04E4ABBA8193A5B492
                                                              SHA1:5C0AEE81F32D7F9EC9F0650239EE58880C9B0337
                                                              SHA-256:1A489E0606484BD71A0D9CB37A1DC6CA8437777B3D67BFC8C0075D0CC59E6238
                                                              SHA-512:55D01E68C8C899E99A3C62C2C36D6BCB1A66FF6ECD2636D2D0157409A1F53A84CE5D6F0C703D5ED47F8E9E2D1C9D2D87CC52585EE624A23D92183062C999B97E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.737397647066978
                                                              Encrypted:false
                                                              SSDEEP:192:OdxlZWqhWcWJWadJCsVWQ4mWlhtFyttuX01k9z3A2oD:OdxlZWqhWpCsctkSR9zfoD
                                                              MD5:ACCC640D1B06FB8552FE02F823126FF5
                                                              SHA1:82CCC763D62660BFA8B8A09E566120D469F6AB67
                                                              SHA-256:332BA469AE84AA72EC8CCE2B33781DB1AB81A42ECE5863F7A3CB5A990059594F
                                                              SHA-512:6382302FB7158FC9F2BE790811E5C459C5C441F8CAEE63DF1E09B203B8077A27E023C4C01957B252AC8AC288F8310BCEE5B4DCC1F7FC691458B90CDFAA36DCBE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.6569647133331316
                                                              Encrypted:false
                                                              SSDEEP:192:dwWqhWWWEXCVWQ4mWLnySfKUSIX01k9z3AEXz5SLaDa3:iWqhWJhY2IR9z5YLt3
                                                              MD5:C6024CC04201312F7688A021D25B056D
                                                              SHA1:48A1D01AE8BC90F889FB5F09C0D2A0602EE4B0FD
                                                              SHA-256:8751D30DF554AF08EF42D2FAA0A71ABCF8C7D17CE9E9FF2EA68A4662603EC500
                                                              SHA-512:D86C773416B332945ACBB95CBE90E16730EF8E16B7F3CCD459D7131485760C2F07E95951AEB47C1CF29DE76AFFEB1C21BDF6D8260845E32205FE8411ED5EFA47
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.882042129450427
                                                              Encrypted:false
                                                              SSDEEP:192:9TvuBL3BBLAWqhWUWEXCVWQ4iWgdCLVx6RMySX01k9z3AzaXQ+BB:9TvuBL3BaWqhW/WSMR9zqaP
                                                              MD5:1F2A00E72BC8FA2BD887BDB651ED6DE5
                                                              SHA1:04D92E41CE002251CC09C297CF2B38C4263709EA
                                                              SHA-256:9C8A08A7D40B6F697A21054770F1AFA9FFB197F90EF1EEE77C67751DF28B7142
                                                              SHA-512:8CF72DF019F9FC9CD22FF77C37A563652BECEE0708FF5C6F1DA87317F41037909E64DCBDCC43E890C5777E6BCFA4035A27AFC1AEEB0F5DEBA878E3E9AEF7B02A
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):5.355894399765837
                                                              Encrypted:false
                                                              SSDEEP:384:0naOMw3zdp3bwjGzue9/0jCRrndbnWqhW5lFydVXC4deR9zVj7xR:FOMwBprwjGzue9/0jCRrndbtGydVXC4O
                                                              MD5:724223109E49CB01D61D63A8BE926B8F
                                                              SHA1:072A4D01E01DBBAB7281D9BD3ADD76F9A3C8B23B
                                                              SHA-256:4E975F618DF01A492AE433DFF0DD713774D47568E44C377CEEF9E5B34AAD1210
                                                              SHA-512:19B0065B894DC66C30A602C9464F118E7F84D83010E74457D48E93AACA4422812B093B15247B24D5C398B42EF0319108700543D13F156067B169CCFB4D7B6B7C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.771309314175772
                                                              Encrypted:false
                                                              SSDEEP:192:L0WqhWTWEXCVWQ4cRWdmjKDUX01k9z3AQyMX/7kn:L0WqhWol1pR9zzDY
                                                              MD5:3C38AAC78B7CE7F94F4916372800E242
                                                              SHA1:C793186BCF8FDB55A1B74568102B4E073F6971D6
                                                              SHA-256:3F81A149BA3862776AF307D5C7FEEF978F258196F0A1BF909DA2D3F440FF954D
                                                              SHA-512:C2746AA4342C6AFFFBD174819440E1BBF4371A7FED29738801C75B49E2F4F94FD6D013E002BAD2AADAFBC477171B8332C8C5579D624684EF1AFBFDE9384B8588
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.7115212149950185
                                                              Encrypted:false
                                                              SSDEEP:192:bWqhWUxWJWadJCsVWQ4mW5iFyttuX01k9z3A2EC:bWqhWUwCs8SR9zfEC
                                                              MD5:321A3CA50E80795018D55A19BF799197
                                                              SHA1:DF2D3C95FB4CBB298D255D342F204121D9D7EF7F
                                                              SHA-256:5476DB3A4FECF532F96D48F9802C966FDEF98EC8D89978A79540CB4DB352C15F
                                                              SHA-512:3EC20E1AC39A98CB5F726D8390C2EE3CD4CD0BF118FDDA7271F7604A4946D78778713B675D19DD3E1EC1D6D4D097ABE9CD6D0F76B3A7DFF53CE8D6DBC146870A
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.893761152454321
                                                              Encrypted:false
                                                              SSDEEP:192:dEFP2WqhWVWEXCVWQ4mW68vx6RMySX01k9z3AzapOP:eF+WqhWi6gMR9zqa0
                                                              MD5:0462E22F779295446CD0B63E61142CA5
                                                              SHA1:616A325CD5B0971821571B880907CE1B181126AE
                                                              SHA-256:0B6B598EC28A9E3D646F2BB37E1A57A3DDA069A55FBA86333727719585B1886E
                                                              SHA-512:07B34DCA6B3078F7D1E8EDE5C639F697C71210DCF9F05212FD16EB181AB4AC62286BC4A7CE0D84832C17F5916D0224D1E8AAB210CEEFF811FC6724C8845A74FE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):5.231196901820079
                                                              Encrypted:false
                                                              SSDEEP:192:/Mck1JzX9cKSI0WqhWsWJWadJCsVWQ4mWClLeyttuX01k9z3A2XCJq:Uck1JzNcKSI0WqhWZCsvfSR9zfyk
                                                              MD5:C3632083B312C184CBDD96551FED5519
                                                              SHA1:A93E8E0AF42A144009727D2DECB337F963A9312E
                                                              SHA-256:BE8D78978D81555554786E08CE474F6AF1DE96FCB7FA2F1CE4052BC80C6B2125
                                                              SHA-512:8807C2444A044A3C02EF98CF56013285F07C4A1F7014200A21E20FCB995178BA835C30AC3889311E66BC61641D6226B1FF96331B019C83B6FCC7C87870CCE8C4
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.799245167892134
                                                              Encrypted:false
                                                              SSDEEP:192:R0DfIeUWqhWLWJWadJCsVWQ4mWFVyttuX01k9z3A2YHmp:R0DfIeUWqhWiCsLSR9zfYHmp
                                                              MD5:517EB9E2CB671AE49F99173D7F7CE43F
                                                              SHA1:4CCF38FED56166DDBF0B7EFB4F5314C1F7D3B7AB
                                                              SHA-256:57CC66BF0909C430364D35D92B64EB8B6A15DC201765403725FE323F39E8AC54
                                                              SHA-512:492BE2445B10F6BFE6C561C1FC6F5D1AF6D1365B7449BC57A8F073B44AE49C88E66841F5C258B041547FCD33CBDCB4EB9DD3E24F0924DB32720E51651E9286BE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.587063911311469
                                                              Encrypted:false
                                                              SSDEEP:192:fWqhWeWJWadJCsVWQ4mWMs7DENNVAv+cQ0GX01k9z3ARoIGA/:fWqhWbCs8oNbZR9zQoxS
                                                              MD5:F3FF2D544F5CD9E66BFB8D170B661673
                                                              SHA1:9E18107CFCD89F1BBB7FDAF65234C1DC8E614ADD
                                                              SHA-256:E1C5D8984A674925FA4AFBFE58228BE5323FE5123ABCD17EC4160295875A625F
                                                              SHA-512:184B09C77D079127580EF80EB34BDED0F5E874CEFBE1C5F851D86861E38967B995D859E8491FCC87508930DC06C6BBF02B649B3B489A1B138C51A7D4B4E7AAAD
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.754374422741657
                                                              Encrypted:false
                                                              SSDEEP:192:CGeVPWqhWUWJWadJCsVWQ4mWUhSqyttuX01k9z3A2lqn7cq:CGeVPWqhWBCsvoSR9zflBq
                                                              MD5:A0C2DBE0F5E18D1ADD0D1BA22580893B
                                                              SHA1:29624DF37151905467A223486500ED75617A1DFD
                                                              SHA-256:3C29730DF2B28985A30D9C82092A1FAA0CEB7FFC1BD857D1EF6324CF5524802F
                                                              SHA-512:3E627F111196009380D1687E024E6FFB1C0DCF4DCB27F8940F17FEC7EFDD8152FF365B43CB7FDB31DE300955D6C15E40A2C8FB6650A91706D7EA1C5D89319B12
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.664553499673792
                                                              Encrypted:false
                                                              SSDEEP:192:mZyMvr5WqhWAWJWadJCsVWQ4mWWqpNVAv+cQ0GX01k9z3ARo+GZ:mZyMvlWqhWNCsUpNbZR9zQo+GZ
                                                              MD5:2666581584BA60D48716420A6080ABDA
                                                              SHA1:C103F0EA32EBBC50F4C494BCE7595F2B721CB5AD
                                                              SHA-256:27E9D3E7C8756E4512932D674A738BF4C2969F834D65B2B79C342A22F662F328
                                                              SHA-512:BEFED15F11A0550D2859094CC15526B791DADEA12C2E7CEB35916983FB7A100D89D638FB1704975464302FAE1E1A37F36E01E4BEF5BC4924AB8F3FD41E60BD0C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):5.146069394118203
                                                              Encrypted:false
                                                              SSDEEP:384:vUwidv3V0dfpkXc0vVaCsWqhWjCsa2IR9z5Bk5l:sHdv3VqpkXc0vVaP+U9zzk5l
                                                              MD5:225D9F80F669CE452CA35E47AF94893F
                                                              SHA1:37BD0FFC8E820247BD4DB1C36C3B9F9F686BBD50
                                                              SHA-256:61C0EBE60CE6EBABCB927DDFF837A9BF17E14CD4B4C762AB709E630576EC7232
                                                              SHA-512:2F71A3471A9868F4D026C01E4258AFF7192872590F5E5C66AABD3C088644D28629BA8835F3A4A23825631004B1AFD440EFE7161BB9FC7D7C69E0EE204813CA7B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.834520503429805
                                                              Encrypted:false
                                                              SSDEEP:192:etZ3xWqhWqWJWadJCsVWQ4mWfH/fKUSIX01k9z3AEXz40OY:etZ3xWqhWHCsMH2IR9z5OY
                                                              MD5:1281E9D1750431D2FE3B480A8175D45C
                                                              SHA1:BC982D1C750B88DCB4410739E057A86FF02D07EF
                                                              SHA-256:433BD8DDC4F79AEE65CA94A54286D75E7D92B019853A883E51C2B938D2469BAA
                                                              SHA-512:A954E6CE76F1375A8BEAC51D751B575BBC0B0B8BA6AA793402B26404E45718165199C2C00CCBCBA3783C16BDD96F0B2C17ADDCC619C39C8031BECEBEF428CE77
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.916367637528538
                                                              Encrypted:false
                                                              SSDEEP:192:qaIMFSYWqhWzWJWadJCsVWQ4mW14LyttuX01k9z3A2ClV:qdYWqhWqCsISR9zfCT
                                                              MD5:FD46C3F6361E79B8616F56B22D935A53
                                                              SHA1:107F488AD966633579D8EC5EB1919541F07532CE
                                                              SHA-256:0DC92E8830BC84337DCAE19EF03A84EF5279CF7D4FDC2442C1BC25320369F9DF
                                                              SHA-512:3360B2E2A25D545CCD969F305C4668C6CDA443BBDBD8A8356FFE9FBC2F70D90CF4540F2F28C9ED3EEA6C9074F94E69746E7705E6254827E6A4F158A75D81065B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.829681745003914
                                                              Encrypted:false
                                                              SSDEEP:192:HNpWqhW5WJWadJCsVWQ4mWbZyttuX01k9z3A2qkFU:HXWqhW4Cs1SR9zf9U
                                                              MD5:D12403EE11359259BA2B0706E5E5111C
                                                              SHA1:03CC7827A30FD1DEE38665C0CC993B4B533AC138
                                                              SHA-256:F60E1751A6AC41F08E46480BF8E6521B41E2E427803996B32BDC5E78E9560781
                                                              SHA-512:9004F4E59835AF57F02E8D9625814DB56F0E4A98467041DA6F1367EF32366AD96E0338D48FFF7CC65839A24148E2D9989883BCDDC329D9F4D27CAE3F843117D0
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.612408827336625
                                                              Encrypted:false
                                                              SSDEEP:192:CWqhW+WJWadJCsVWQ4mWprgfKUSIX01k9z3AEXzh:CWqhW7Cs12IR9z5F
                                                              MD5:0F129611A4F1E7752F3671C9AA6EA736
                                                              SHA1:40C07A94045B17DAE8A02C1D2B49301FAD231152
                                                              SHA-256:2E1F090ABA941B9D2D503E4CD735C958DF7BB68F1E9BDC3F47692E1571AAAC2F
                                                              SHA-512:6ABC0F4878BB302713755A188F662C6FE162EA6267E5E1C497C9BA9FDDBDAEA4DB050E322CB1C77D6638ECF1DAD940B9EBC92C43ACAA594040EE58D313CBCFAE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.918215004381039
                                                              Encrypted:false
                                                              SSDEEP:192:OvMWqhWkWJWadJCsVWQ4mWoz/HyttuX01k9z3A21O:JWqhWxCs/SSR9zf1O
                                                              MD5:D4FBA5A92D68916EC17104E09D1D9D12
                                                              SHA1:247DBC625B72FFB0BF546B17FB4DE10CAD38D495
                                                              SHA-256:93619259328A264287AEE7C5B88F7F0EE32425D7323CE5DC5A2EF4FE3BED90D5
                                                              SHA-512:D5A535F881C09F37E0ADF3B58D41E123F527D081A1EBECD9A927664582AE268341771728DC967C30908E502B49F6F853EEAEBB56580B947A629EDC6BCE2340D8
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26216
                                                              Entropy (8bit):4.882777558752248
                                                              Encrypted:false
                                                              SSDEEP:192:I9cy5WqhWKWEXCVWQ4mW1pbm6yttuX01k9z3A2jyM:Ry5WqhWdcbmLSR9zfjj
                                                              MD5:EDF71C5C232F5F6EF3849450F2100B54
                                                              SHA1:ED46DA7D59811B566DD438FA1D09C20F5DC493CE
                                                              SHA-256:B987AB40CDD950EBE7A9A9176B80B8FFFC005CCD370BB1CBBCAD078C1A506BDC
                                                              SHA-512:481A3C8DC5BEF793EE78CE85EC0F193E3E9F6CD57868B813965B312BD0FADEB5F4419707CD3004FBDB407652101D52E061EF84317E8BD458979443E9F8E4079A
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.738587310329139
                                                              Encrypted:false
                                                              SSDEEP:192:TWqhWXWEXCVWQ4mWPXTNyttuX01k9z3A2dGxr:TWqhWMKASR9zfYxr
                                                              MD5:F9235935DD3BA2AA66D3AA3412ACCFBF
                                                              SHA1:281E548B526411BCB3813EB98462F48FFAF4B3EB
                                                              SHA-256:2F6BD6C235E044755D5707BD560A6AFC0BA712437530F76D11079D67C0CF3200
                                                              SHA-512:AD0C0A7891FB8328F6F0CF1DDC97523A317D727C15D15498AFA53C07610210D2610DB4BC9BD25958D47ADC1AF829AD4D7CF8AABCAB3625C783177CCDB7714246
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):5.202163846121633
                                                              Encrypted:false
                                                              SSDEEP:192:2pUEpnWlC0i5CBWqhWXLeWEXCVWQ4iW+/x6RMySX01k9z3Aza8Az629:2ptnWm5CBWqhWtWMR9zqaH629
                                                              MD5:5107487B726BDCC7B9F7E4C2FF7F907C
                                                              SHA1:EBC46221D3C81A409FAB9815C4215AD5DA62449C
                                                              SHA-256:94A86E28E829276974E01F8A15787FDE6ED699C8B9DC26F16A51765C86C3EADE
                                                              SHA-512:A0009B80AD6A928580F2B476C1BDF4352B0611BB3A180418F2A42CFA7A03B9F0575ED75EC855D30B26E0CCA96A6DA8AFFB54862B6B9AFF33710D2F3129283FAA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.866983142029453
                                                              Encrypted:false
                                                              SSDEEP:192:0vh8Y17aFBRsWqhW9AWEXCVWQ4mWCB4Lrp0KBQfX01k9z3ALkg5Z7:SL5WqhW9boRxB+R9z2kM7
                                                              MD5:D5D77669BD8D382EC474BE0608AFD03F
                                                              SHA1:1558F5A0F5FACC79D3957FF1E72A608766E11A64
                                                              SHA-256:8DD9218998B4C4C9E8D8B0F8B9611D49419B3C80DAA2F437CBF15BCFD4C0B3B8
                                                              SHA-512:8DEFA71772105FD9128A669F6FF19B6FE47745A0305BEB9A8CADB672ED087077F7538CD56E39329F7DAA37797A96469EAE7CD5E4CCA57C9A183B35BDC44182F3
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.828044267819929
                                                              Encrypted:false
                                                              SSDEEP:192:dUnWqhWRWJWadJCsVWQ4mW+2PyttuX01k9z3A23y:cWqhWQCsHSR9zf3y
                                                              MD5:650435E39D38160ABC3973514D6C6640
                                                              SHA1:9A5591C29E4D91EAA0F12AD603AF05BB49708A2D
                                                              SHA-256:551A34C400522957063A2D71FA5ABA1CD78CC4F61F0ACE1CD42CC72118C500C0
                                                              SHA-512:7B4A8F86D583562956593D27B7ECB695CB24AB7192A94361F994FADBA7A488375217755E7ED5071DE1D0960F60F255AA305E9DD477C38B7BB70AC545082C9D5E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):30328
                                                              Entropy (8bit):5.14173409150951
                                                              Encrypted:false
                                                              SSDEEP:384:r7yaFM4Oe59Ckb1hgmLVWqhW2CsWNbZR9zQoekS:/FMq59Bb1jnoFT9zGp
                                                              MD5:B8F0210C47847FC6EC9FBE2A1AD4DEBB
                                                              SHA1:E99D833AE730BE1FEDC826BF1569C26F30DA0D17
                                                              SHA-256:1C4A70A73096B64B536BE8132ED402BCFB182C01B8A451BFF452EFE36DDF76E7
                                                              SHA-512:992D790E18AC7AE33958F53D458D15BFF522A3C11A6BD7EE2F784AC16399DE8B9F0A7EE896D9F2C96D1E2C8829B2F35FF11FC5D8D1B14C77E22D859A1387797C
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):30312
                                                              Entropy (8bit):4.96699982894665
                                                              Encrypted:false
                                                              SSDEEP:384:PfhhvLPmIHJI6/CpG3t2G3t4odXLVWqhW2ntNbZR9zQo9eZ:xhPmIHJI69VFT9zO
                                                              MD5:075419431D46DC67932B04A8B91A772F
                                                              SHA1:DB2AF49EE7B6BEC379499B5A80BE39310C6C8425
                                                              SHA-256:3A4B66E65A5EE311AFC37157A8101ABA6017FF7A4355B4DD6E6C71D5B7223560
                                                              SHA-512:76287E0003A396CDA84CE6B206986476F85E927A389787D1D273684167327C41FC0FE5E947175C0DEB382C5ACCF785F867D9FCE1FEA4ABD7D99B201E277D1704
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.883012715268179
                                                              Encrypted:false
                                                              SSDEEP:192:5eXrqjd7ZWqhW3WEXCVWQ4mW3Ql1Lrp0KBQfX01k9z3ALkjY/12:54rgWqhWsP1RxB+R9z2kjY/Y
                                                              MD5:272C0F80FD132E434CDCDD4E184BB1D8
                                                              SHA1:5BC8B7260E690B4D4039FE27B48B2CECEC39652F
                                                              SHA-256:BD943767F3E0568E19FB52522217C22B6627B66A3B71CD38DD6653B50662F39D
                                                              SHA-512:94892A934A92EF1630FBFEA956D1FE3A3BFE687DEC31092828960968CB321C4AB3AF3CAF191D4E28C8CA6B8927FBC1EC5D17D5C8A962C848F4373602EC982CD4
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26208
                                                              Entropy (8bit):5.023753175006074
                                                              Encrypted:false
                                                              SSDEEP:192:4mGqX8mPrpJhhf4AN5/KiFWqhWyzWEXCVWQ4OW4034hHssDX01k9z3AaYX2cWo:4ysyr77WqhWyI0oFDR9z9YH9
                                                              MD5:20C0AFA78836B3F0B692C22F12BDA70A
                                                              SHA1:60BB74615A71BD6B489C500E6E69722F357D283E
                                                              SHA-256:962D725D089F140482EE9A8FF57F440A513387DD03FDC06B3A28562C8090C0BC
                                                              SHA-512:65F0E60136AB358661E5156B8ECD135182C8AAEFD3EC320ABDF9CFC8AEAB7B68581890E0BBC56BAD858B83D47B7A0143FA791195101DC3E2D78956F591641D16
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26232
                                                              Entropy (8bit):5.289041983400337
                                                              Encrypted:false
                                                              SSDEEP:192:UuV2OlkuWYFxEpahfWqhWNWJWadJCsVWQ4mWeX9UfKUSIX01k9z3AEXzGd5S:dV2oFVhfWqhWMCstE2IR9z5Sd5S
                                                              MD5:96498DC4C2C879055A7AFF2A1CC2451E
                                                              SHA1:FECBC0F854B1ADF49EF07BEACAD3CEC9358B4FB2
                                                              SHA-256:273817A137EE049CBD8E51DC0BB1C7987DF7E3BF4968940EE35376F87EF2EF8D
                                                              SHA-512:4E0B2EF0EFE81A8289A447EB48898992692FEEE4739CEB9D87F5598E449E0059B4E6F4EB19794B9DCDCE78C05C8871264797C14E4754FD73280F37EC3EA3C304
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26232
                                                              Entropy (8bit):5.284932479906984
                                                              Encrypted:false
                                                              SSDEEP:384:tCLx0C5yguNvZ5VQgx3SbwA7yMVIkFGlTWqhWbQCsMSR9zful:tCV5yguNvZ5VQgx3SbwA71IkFGqHe9zI
                                                              MD5:115E8275EB570B02E72C0C8A156970B3
                                                              SHA1:C305868A014D8D7BBEF9ABBB1C49A70E8511D5A6
                                                              SHA-256:415025DCE5A086DBFFC4CF322E8EAD55CB45F6D946801F6F5193DF044DB2F004
                                                              SHA-512:B97EF7C5203A0105386E4949445350D8FF1C83BDEAEE71CCF8DC22F7F6D4F113CB0A9BE136717895C36EE8455778549F629BF8D8364109185C0BF28F3CB2B2CA
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):5.253102285412285
                                                              Encrypted:false
                                                              SSDEEP:192:mt3hwDGWqhWrWEXCVWQ4mWn+deyttuX01k9z3A23x:AWqhWgPSR9zfh
                                                              MD5:001E60F6BBF255A60A5EA542E6339706
                                                              SHA1:F9172EC37921432D5031758D0C644FE78CDB25FA
                                                              SHA-256:82FBA9BC21F77309A649EDC8E6FC1900F37E3FFCB45CD61E65E23840C505B945
                                                              SHA-512:B1A6DC5A34968FBDC8147D8403ADF8B800A06771CC9F15613F5CE874C29259A156BAB875AAE4CAAEC2117817CE79682A268AA6E037546AECA664CD4EEA60ADBF
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.810971823417463
                                                              Encrypted:false
                                                              SSDEEP:192:p/fHQduDWqhWJWJWadJCsVWQ4mWxrnyttuX01k9z3A2Yv6WT:p/ftWqhWoCsmySR9zfYvvT
                                                              MD5:A0776B3A28F7246B4A24FF1B2867BDBF
                                                              SHA1:383C9A6AFDA7C1E855E25055AAD00E92F9D6AAFF
                                                              SHA-256:2E554D9BF872A64D2CD0F0EB9D5A06DEA78548BC0C7A6F76E0A0C8C069F3C0A9
                                                              SHA-512:7C9F0F8E53B363EF5B2E56EEC95E7B78EC50E9308F34974A287784A1C69C9106F49EA2D9CA037F0A7B3C57620FCBB1C7C372F207C68167DF85797AFFC3D7F3BA
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                              Category:dropped
                                                              Size (bytes):1334069
                                                              Entropy (8bit):5.587852910041546
                                                              Encrypted:false
                                                              SSDEEP:12288:NttcY+bS4OmE1jc+fYNXPh26UZWAzDX7jOIqL3QtltIrdmoPFHz1dc+4/BaYcUz:NttcY+NHSPD/eMKrdmoPxzFcaYcUz
                                                              MD5:43935F81D0C08E8AB1DFE88D65AF86D8
                                                              SHA1:ABB6EAE98264EE4209B81996C956A010ECF9159B
                                                              SHA-256:C611943F0AEB3292D049437CB03500CC2F8D12F23FAF55E644BCA82F43679BC0
                                                              SHA-512:06A9DCD310AA538664B08F817EC1C6CFA3F748810D76559C46878EA90796804904D41AC79535C7F63114DF34C0E5DE6D0452BB30DF54B77118D925F21CFA1955
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291528
                                                              Entropy (8bit):6.047650375646611
                                                              Encrypted:false
                                                              SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5NP:QWb/TRJLWURrI5RWavdF0J
                                                              MD5:181AC9A809B1A8F1BC39C1C5C777CF2A
                                                              SHA1:9341E715CEA2E6207329E7034365749FCA1F37DC
                                                              SHA-256:488BA960602BF07CC63F4EF7AEC108692FEC41820FC3328A8E3F3DE038149AEE
                                                              SHA-512:E19A92B94AEDCF1282B3EF561BD471EA19ED361334092C55D72425F9183EBD1D30A619E493841B6F75C629F26F28DC682960977941B486C59475F21CF86FFF85
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):10752
                                                              Entropy (8bit):4.674392865869017
                                                              Encrypted:false
                                                              SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                              MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                              SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                              SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                              SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):122880
                                                              Entropy (8bit):5.917175475547778
                                                              Encrypted:false
                                                              SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                              MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                              SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                              SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                              SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):5191960
                                                              Entropy (8bit):5.962142634441191
                                                              Encrypted:false
                                                              SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                              MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                              SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                              SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                              SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):787224
                                                              Entropy (8bit):5.609561366841894
                                                              Encrypted:false
                                                              SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                              MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                              SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                              SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                              SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6926616
                                                              Entropy (8bit):5.7675148099570395
                                                              Encrypted:false
                                                              SSDEEP:49152:PPknDqOJlpxSupRo2vXDZ2lgghXQIX2CG4Ts99kdwQAvyodh1GCOepxk1NHh8yfE:kdlpx9p5Loehv6JfDvXHDMiETH+0Tn
                                                              MD5:D521654D889666A0BC753320F071EF60
                                                              SHA1:5FD9B90C5D0527E53C199F94BAD540C1E0985DB6
                                                              SHA-256:21700F0BAD5769A1B61EA408DC0A140FFD0A356A774C6EB0CC70E574B929D2E2
                                                              SHA-512:7A726835423A36DE80FB29EF65DFE7150BD1567CAC6F3569E24D9FE091496C807556D0150456429A3D1A6FD2ED0B8AE3128EA3B8674C97F42CE7C897719D2CD3
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):670720
                                                              Entropy (8bit):6.031732543230407
                                                              Encrypted:false
                                                              SSDEEP:12288:NQB2xCzIWn6O6X0f3O+0kMFN8v4+arfopdLvt:NQQxHWn66f++0k2FWt
                                                              MD5:A2CC25338A9BB825237EF1653511A36A
                                                              SHA1:433DED40BAB01DED8758141045E3E6658D435685
                                                              SHA-256:698B9B005243163C245BFA22357B383E107A1D21A8C420D2EF458662E410422F
                                                              SHA-512:8D55D3F908E2407662E101238DACDBD84AE197E6E951618171DEEAC9CFB3F4CB12425212DBFD691A0B930DA43E1A344C5004DE7E89D3AEC47E9063A5312FA74B
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):134656
                                                              Entropy (8bit):5.9953900911096785
                                                              Encrypted:false
                                                              SSDEEP:3072:Yuh2G0a2fYrFceQaVK756Y/r06trvoEKQAe7KL8KJKVKGajt4:Yuh2faiYrFceQaVfY/rxTBAe7KwKwVrE
                                                              MD5:26D752C8896B324FFD12827A5E4B2808
                                                              SHA1:447979FA03F78CB7210A4E4BA365085AB2F42C22
                                                              SHA-256:BD33548DBDBB178873BE92901B282BAD9C6817E3EAC154CA50A666D5753FD7EC
                                                              SHA-512:99C87AB9920E79A03169B29A2F838D568CA4D4056B54A67BC51CAF5C0FF5A4897ED02533BA504F884C6F983EBC400743E6AD52AC451821385B1E25C3B1EBCEE0
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):31000
                                                              Entropy (8bit):6.554631307714331
                                                              Encrypted:false
                                                              SSDEEP:384:2RVBC9t6Lhz64wHqFslDT90YpISQGrHQIYiSy1pCQ+42AM+o/8E9VF0Nyes:YGyIHqG1HpISQG75YiSyvB2AMxkEp
                                                              MD5:D0CC9FC9A0650BA00BD206720223493B
                                                              SHA1:295BC204E489572B74CC11801ED8590F808E1618
                                                              SHA-256:411D6F538BDBAF60F1A1798FA8AA7ED3A4E8FCC99C9F9F10D21270D2F3742019
                                                              SHA-512:D3EBCB91D1B8AA247D50C2C4B2BA1BF3102317C593CBF6C63883E8BF9D6E50C0A40F149654797ABC5B4F17AEE282DDD972A8CD9189BFCD5B9CEC5AB9C341E20B
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1016584
                                                              Entropy (8bit):6.669319438805479
                                                              Encrypted:false
                                                              SSDEEP:24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
                                                              MD5:0E0BAC3D1DCC1833EAE4E3E4CF83C4EF
                                                              SHA1:4189F4459C54E69C6D3155A82524BDA7549A75A6
                                                              SHA-256:8A91052EF261B5FBF3223AE9CE789AF73DFE1E9B0BA5BDBC4D564870A24F2BAE
                                                              SHA-512:A45946E3971816F66DD7EA3788AACC384A9E95011500B458212DC104741315B85659E0D56A41570731D338BDF182141C093D3CED222C007038583CEB808E26FD
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1138456
                                                              Entropy (8bit):5.461934346955969
                                                              Encrypted:false
                                                              SSDEEP:12288:LrEHdcM6hbqCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAjL:LrEXPCjfk7bPNfv42BN6yzUAjL
                                                              MD5:CC8142BEDAFDFAA50B26C6D07755C7A6
                                                              SHA1:0FCAB5816EAF7B138F22C29C6D5B5F59551B39FE
                                                              SHA-256:BC2CF23B7B7491EDCF03103B78DBAF42AFD84A60EA71E764AF9A1DDD0FE84268
                                                              SHA-512:C3B0C1DBE5BF159AB7706F314A75A856A08EBB889F53FE22AB3EC92B35B5E211EDAB3934DF3DA64EBEA76F38EB9BFC9504DB8D7546A36BC3CABE40C5599A9CBD
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):14848
                                                              Entropy (8bit):5.116470324236407
                                                              Encrypted:false
                                                              SSDEEP:192:yxCm72PEO1jIUs0YqEcPbF55UgCWV4rofnbPietE4kqDLWn7ycLmr0/:gardA0Bzx14r6nbKJ0Wr/
                                                              MD5:7CFF63D632A7024E62DB2A2BCE9A1B24
                                                              SHA1:6A0BC8ADD112CC66EE4FD1C907F2F7E49B6BD1CF
                                                              SHA-256:DF8BA0C5B50CA3B5C0B3857F926118EFBEB9744B8F382809858BA426BF4A2268
                                                              SHA-512:3FC02CB3BBD71B75BDC492DC2C89C9D59839AA484CFAFF3FD6537AE8BB3427969CD9EF90978F5CB25A87AF8D2CAE96E2184FDC59115E947A05AA9E0378807227
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):133632
                                                              Entropy (8bit):5.851293297484796
                                                              Encrypted:false
                                                              SSDEEP:3072:bPwB2zC1vwC3XetCf5RlRVFhLaNKPRyymoh5Lm9b0e:bIB2zkvwGXetCfDlRVlPRy85Lm9
                                                              MD5:3A80FEA23A007B42CEF8E375FC73AD40
                                                              SHA1:04319F7552EA968E2421C3936C3A9EE6F9CF30B2
                                                              SHA-256:B70D69D25204381F19378E1BB35CC2B8C8430AA80A983F8D0E8E837050BB06EF
                                                              SHA-512:A63BED03F05396B967858902E922B2FBFB4CF517712F91CFAA096FF0539CF300D6B9C659FFEE6BF11C28E79E23115FD6B9C0B1AA95DB1CBD4843487F060CCF40
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):23040
                                                              Entropy (8bit):5.356227710749481
                                                              Encrypted:false
                                                              SSDEEP:384:JbuxajLxmByUDH2So0JVPYesgA0T8Dm7R8WnjVDtErNnpC9a1BC:JS4UDWC0e8WjVZc68B
                                                              MD5:0F65C9D8A87799FFB6D932FC0D323E24
                                                              SHA1:11E25879E1BF09A3589404C2AD8D0720FE82D877
                                                              SHA-256:764915DAD87ABC6252251699A2A98EFB0C23C296239E96F567CD76E242C897E1
                                                              SHA-512:5B6B6B3E38F390BEEA18A66627E5B82B5E0B0294E1941968E755D5F9AFE00436778ADC153D8D8E3110CC03D30276FF18920150C5BD4D672821CB285F5E1EF121
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):528384
                                                              Entropy (8bit):6.160155013206866
                                                              Encrypted:false
                                                              SSDEEP:6144:z1DMeMqifNWPvtQlhzFRAnhgUWW9Ko6pWa5p5zic7RRWf:z1DMeMqKQ3tQjFmNL6pWahT7R4f
                                                              MD5:91244BF7D99D73496F22BD804A74993E
                                                              SHA1:0E8D158F944E761A63E37F11817B96EB33F1B208
                                                              SHA-256:E5FCA249DDCFF94134145DFA6BCA90FA6471B941CE351C867E8AA327395C7D09
                                                              SHA-512:34D64C76DF3BDC37DD841BE50E29942F6FE398E31E81945834D3D136B31E6DE2CEA629645D89BE24BD106228A96D1F86281371DDFE057DD7120B75A3D705FAF9
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:ASCII text, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):176
                                                              Entropy (8bit):4.713840781302666
                                                              Encrypted:false
                                                              SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                              MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                              SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                              SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                              SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                              Malicious:false
                                                              Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):10
                                                              Entropy (8bit):2.7219280948873625
                                                              Encrypted:false
                                                              SSDEEP:3:qW6:qW6
                                                              MD5:2C7344F3031A5107275CE84AED227411
                                                              SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                              SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                              SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                              Malicious:false
                                                              Preview:..K....}..
                                                              Process:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):65
                                                              Entropy (8bit):4.392930843824841
                                                              Encrypted:false
                                                              SSDEEP:3:t6X4F4IABFReNmI4LUAuF5QEyn:B45MmI4LP3
                                                              MD5:97132A94CAED4DCA6D0BA0708B57364E
                                                              SHA1:CB57CA1CB8BA75CA29908C538607F77C66A41E7E
                                                              SHA-256:3F03CDC7D9C05ED0BB0C96394AF0E1039B03D6D03824C54A7A7ECBEDC7D4A0EC
                                                              SHA-512:405B1320034F9F69A12928F6B3513E85D6AE7D4BC9B753A11269F54CCC0196008EC438F3F89C554FC37A2134AD3B07EAAAE4A47AF8C3D6B7B248F74687755C05
                                                              Malicious:false
                                                              Preview:[7052] Failed to execute script 'f' due to unhandled exception!..
                                                              File type:PE32+ executable (console) x86-64, for MS Windows
                                                              Entropy (8bit):7.994925085162345
                                                              TrID:
                                                              • Win64 Executable Console (202006/5) 92.65%
                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                              • DOS Executable Generic (2002/1) 0.92%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:rQTI6IKszT.exe
                                                              File size:13'383'948 bytes
                                                              MD5:daa45a56bb222aee14337b90549880e3
                                                              SHA1:9926047a67befc5935a68b58cef0a162d1679db9
                                                              SHA256:fa8cf7b851ce2ea62a493d23bfa6bb340cd0f980b51d7ca694c90b4e276e1b64
                                                              SHA512:e174d00e49cf8f8ae0fb43ac3aadd4af0587ec2d1d1122c1d50bf0f02a88fc544938eb2aba81a60f9429dac65a7924d103b6b170c4b1ef7a82e1b7fae7760bd1
                                                              SSDEEP:196608:9rw40sKYu/PaQ8MCOmwuLIRBA1HeT39IigQh1ncKOVVtoqSE37puhHtQON9Yx74Q:jQ8Odxq1+TtIiLv0VgCp+6pu
                                                              TLSH:61D6334173A208F9E6ABA53B8061CF268373FC095731D69F93EC46962F930924D79B71
                                                              Icon Hash:2e1e7c4c4c61e979
                                                              Entrypoint:0x14000b4d0
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x140000000
                                                              Subsystem:windows cui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x669EBF38 [Mon Jul 22 20:21:12 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:ba2fe82dbe3fc8bdddc26ef88c3ef15a
                                                              Instruction
                                                              dec eax
                                                              sub esp, 28h
                                                              call 00007F067C802F4Ch
                                                              dec eax
                                                              add esp, 28h
                                                              jmp 00007F067C802B5Fh
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              int3
                                                              dec eax
                                                              sub esp, 28h
                                                              call 00007F067C8032D8h
                                                              test eax, eax
                                                              je 00007F067C802D13h
                                                              dec eax
                                                              mov eax, dword ptr [00000030h]
                                                              dec eax
                                                              mov ecx, dword ptr [eax+08h]
                                                              jmp 00007F067C802CF7h
                                                              dec eax
                                                              cmp ecx, eax
                                                              je 00007F067C802D06h
                                                              xor eax, eax
                                                              dec eax
                                                              cmpxchg dword ptr [0003A03Ch], ecx
                                                              jne 00007F067C802CE0h
                                                              xor al, al
                                                              dec eax
                                                              add esp, 28h
                                                              ret
                                                              mov al, 01h
                                                              jmp 00007F067C802CE9h
                                                              int3
                                                              int3
                                                              int3
                                                              dec eax
                                                              sub esp, 28h
                                                              test ecx, ecx
                                                              jne 00007F067C802CF9h
                                                              mov byte ptr [0003A025h], 00000001h
                                                              call 00007F067C802435h
                                                              call 00007F067C8036F0h
                                                              test al, al
                                                              jne 00007F067C802CF6h
                                                              xor al, al
                                                              jmp 00007F067C802D06h
                                                              call 00007F067C811BBFh
                                                              test al, al
                                                              jne 00007F067C802CFBh
                                                              xor ecx, ecx
                                                              call 00007F067C803700h
                                                              jmp 00007F067C802CDCh
                                                              mov al, 01h
                                                              dec eax
                                                              add esp, 28h
                                                              ret
                                                              int3
                                                              int3
                                                              inc eax
                                                              push ebx
                                                              dec eax
                                                              sub esp, 20h
                                                              cmp byte ptr [00039FECh], 00000000h
                                                              mov ebx, ecx
                                                              jne 00007F067C802D59h
                                                              cmp ecx, 01h
                                                              jnbe 00007F067C802D5Ch
                                                              call 00007F067C80324Eh
                                                              test eax, eax
                                                              je 00007F067C802D1Ah
                                                              test ebx, ebx
                                                              jne 00007F067C802D16h
                                                              dec eax
                                                              lea ecx, dword ptr [00039FD6h]
                                                              call 00007F067C8119B2h

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d694 | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0xef8c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x47000 | 0x22c8 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x59000 | 0x768 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3ac60 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3ab20 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2c000 | 0x398 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x2a2b0 | 0x2a400 | e053bf2f68c38f61c99aca86be7960dd | False | 0.5460082285502958 | data | 6.489919752629757 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2c000 | 0x1233a | 0x12400 | 4f90bfe8fae9b5abebd03bca0532ddb6 | False | 0.5267417594178082 | data | 5.783055894841891 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3f000 | 0x73e8 | 0xe00 | 0a0e29468eba7a0d037450c69e0a49c7 | False | 0.134765625 | data | 1.846104717976044 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x47000 | 0x22c8 | 0x2400 | 0c9766474f47260d6400d369145300b2 | False | 0.4747178819444444 | data | 5.345499890484728 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x4a000 | 0xef8c | 0xf000 | 182535996cad843065a3dadaf64df887 | False | 0.8010091145833333 | data | 7.350145587019619 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x59000 | 0x768 | 0x800 | 20f278305f39ce7b0fa7b6fef8861e19 | False | 0.52099609375 | data | 5.224382024500949 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x4a208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.56636460554371 |
| RT_ICON | 0x4b0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7287906137184116 |
| RT_ICON | 0x4b958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.7471098265895953 |
| RT_ICON | 0x4bec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9971636186822983 |
| RT_ICON | 0x54f5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.38309128630705397 |
| RT_ICON | 0x57504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4826454033771107 |
| RT_ICON | 0x585ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.699468085106383 |
| RT_GROUP_ICON | 0x58a14 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x58a7c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |

| DLL | Import |
|---|---|
| USER32.dll | GetWindowThreadProcessId, ShowWindow |
| KERNEL32.dll | GetModuleFileNameW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, WaitForSingleObject, FormatMessageW, GetCurrentProcess, GetCurrentProcessId, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, LocalFree, SetConsoleCtrlHandler, GetConsoleWindow, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, HeapReAlloc, GetLastError, WriteConsoleW, SetEndOfFile, Sleep, EnterCriticalSection, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableW, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize |
| ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Aug 3, 2024 09:56:03.417392969 CEST | 49731 | 443 | 192.168.2.4 | 149.137.136.16 |
| Aug 3, 2024 09:56:03.417474985 CEST | 443 | 49731 | 149.137.136.16 | 192.168.2.4 |
| Aug 3, 2024 09:56:03.417551041 CEST | 49731 | 443 | 192.168.2.4 | 149.137.136.16 |
| Aug 3, 2024 09:56:03.418229103 CEST | 49731 | 443 | 192.168.2.4 | 149.137.136.16 |
| Aug 3, 2024 09:56:03.418263912 CEST | 443 | 49731 | 149.137.136.16 | 192.168.2.4 |
| Aug 3, 2024 09:56:03.925602913 CEST | 443 | 49731 | 149.137.136.16 | 192.168.2.4 |
| Aug 3, 2024 09:56:03.926222086 CEST | 49731 | 443 | 192.168.2.4 | 149.137.136.16 |
| Aug 3, 2024 09:56:03.926284075 CEST | 443 | 49731 | 149.137.136.16 | 192.168.2.4 |
| Aug 3, 2024 09:56:03.928445101 CEST | 443 | 49731 | 149.137.136.16 | 192.168.2.4 |
| Aug 3, 2024 09:56:03.928534985 CEST | 49731 | 443 | 192.168.2.4 | 149.137.136.16 |
| Aug 3, 2024 09:56:03.929774046 CEST | 49731 | 443 | 192.168.2.4 | 149.137.136.16 |
| Aug 3, 2024 09:56:03.929917097 CEST | 49731 | 443 | 192.168.2.4 | 149.137.136.16 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Aug 3, 2024 09:56:03.404737949 CEST | 63806 | 53 | 192.168.2.4 | 1.1.1.1 |
| Aug 3, 2024 09:56:03.414161921 CEST | 53 | 63806 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Aug 3, 2024 09:56:03.404737949 CEST | 192.168.2.4 | 1.1.1.1 | 0x3670 | Standard query (0) | f005.backblazeb2.com | A (IP address) | IN (0x0001) | false |
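
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Aug 3, 2024 09:56:03.414161921 CEST | 1.1.1.1 | 192.168.2.4 | 0x3670 | No error (0) | f005.backblazeb2.com | | 149.137.136.16 | A (IP address) | IN (0x0001) | false |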


                                                              Target ID:0
                                                              Start time:03:55:57
                                                              Start date:03/08/2024
                                                              Path:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\rQTI6IKszT.exe"
                                                              Imagebase:0x7ff704c00000
                                                              File size:13'383'948 bytes
                                                              MD5 hash:DAA45A56BB222AEE14337B90549880E3
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:1
                                                              Start time:03:55:57
                                                              Start date:03/08/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff7699e0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:03:55:59
                                                              Start date:03/08/2024
                                                              Path:C:\Users\user\Desktop\rQTI6IKszT.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\rQTI6IKszT.exe"
                                                              Imagebase:0x7ff704c00000
                                                              File size:13'383'948 bytes
                                                              MD5 hash:DAA45A56BB222AEE14337B90549880E3
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                                Execution Graph

                                                                Execution Coverage:9.2%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:9.3%
                                                                Total number of Nodes:2000
                                                                Total number of Limit Nodes:38
16730->16713 16735 7ff704c25958 16730->16735 16732 7ff704c1b598 _set_fmode 11 API calls 16731->16732 16733 7ff704c25936 16732->16733 16771 7ff704c1a934 16733->16771 16736 7ff704c25961 16735->16736 16738 7ff704c1fe22 16735->16738 16737 7ff704c1b598 _set_fmode 11 API calls 16736->16737 16739 7ff704c25966 16737->16739 16738->16713 16741 7ff704c25988 16738->16741 16740 7ff704c1a934 _invalid_parameter_noinfo 37 API calls 16739->16740 16740->16738 16742 7ff704c1fe33 16741->16742 16743 7ff704c25991 16741->16743 16742->16713 16742->16720 16744 7ff704c1b598 _set_fmode 11 API calls 16743->16744 16745 7ff704c25996 16744->16745 16746 7ff704c1a934 _invalid_parameter_noinfo 37 API calls 16745->16746 16746->16742 16855 7ff704c20668 EnterCriticalSection 16747->16855 16856 7ff704c1b2d8 GetLastError 16754->16856 16756 7ff704c1b5a1 16756->16722 16758 7ff704c0ac69 16757->16758 16759 7ff704c0ac74 16758->16759 16760 7ff704c0aff0 IsProcessorFeaturePresent 16758->16760 16761 7ff704c0b008 16760->16761 16873 7ff704c0b1e8 RtlCaptureContext 16761->16873 16767 7ff704c1a967 16766->16767 16878 7ff704c1a668 16767->16878 16774 7ff704c1a7cc 16771->16774 16773 7ff704c1a94d 16773->16730 16775 7ff704c1a7f7 16774->16775 16778 7ff704c1a868 16775->16778 16777 7ff704c1a81e 16777->16773 16788 7ff704c1a5b0 16778->16788 16782 7ff704c1a8a3 16782->16777 16784 7ff704c1a954 _isindst 17 API calls 16785 7ff704c1a933 16784->16785 16786 7ff704c1a7cc _invalid_parameter_noinfo 37 API calls 16785->16786 16787 7ff704c1a94d 16786->16787 16787->16777 16789 7ff704c1a607 16788->16789 16790 7ff704c1a5cc GetLastError 16788->16790 16789->16782 16794 7ff704c1a61c 16789->16794 16791 7ff704c1a5dc 16790->16791 16797 7ff704c1b3a0 16791->16797 16795 7ff704c1a638 GetLastError SetLastError 16794->16795 16796 7ff704c1a650 16794->16796 16795->16796 16796->16782 16796->16784 16798 7ff704c1b3da FlsSetValue 16797->16798 16799 7ff704c1b3bf FlsGetValue 16797->16799 16800 7ff704c1b3e7 16798->16800 16803 7ff704c1a5f7 SetLastError 16798->16803 
16801 7ff704c1b3d4 16799->16801 16799->16803 16814 7ff704c1f014 16800->16814 16801->16798 16803->16789 16805 7ff704c1b414 FlsSetValue 16808 7ff704c1b420 FlsSetValue 16805->16808 16809 7ff704c1b432 16805->16809 16806 7ff704c1b404 FlsSetValue 16807 7ff704c1b40d 16806->16807 16821 7ff704c1a574 16807->16821 16808->16807 16827 7ff704c1af0c 16809->16827 16819 7ff704c1f025 _set_fmode 16814->16819 16815 7ff704c1f076 16817 7ff704c1b598 _set_fmode 10 API calls 16815->16817 16816 7ff704c1f05a RtlAllocateHeap 16818 7ff704c1b3f6 16816->16818 16816->16819 16817->16818 16818->16805 16818->16806 16819->16815 16819->16816 16832 7ff704c23920 16819->16832 16822 7ff704c1a579 RtlRestoreThreadPreferredUILanguages 16821->16822 16826 7ff704c1a5a8 16821->16826 16823 7ff704c1a594 GetLastError 16822->16823 16822->16826 16824 7ff704c1a5a1 Concurrency::details::SchedulerProxy::DeleteThis 16823->16824 16825 7ff704c1b598 _set_fmode 9 API calls 16824->16825 16825->16826 16826->16803 16841 7ff704c1ade4 16827->16841 16835 7ff704c23960 16832->16835 16840 7ff704c20668 EnterCriticalSection 16835->16840 16853 7ff704c20668 EnterCriticalSection 16841->16853 16857 7ff704c1b319 FlsSetValue 16856->16857 16863 7ff704c1b2fc 16856->16863 16858 7ff704c1b32b 16857->16858 16862 7ff704c1b309 16857->16862 16860 7ff704c1f014 _set_fmode 5 API calls 16858->16860 16859 7ff704c1b385 SetLastError 16859->16756 16861 7ff704c1b33a 16860->16861 16864 7ff704c1b358 FlsSetValue 16861->16864 16865 7ff704c1b348 FlsSetValue 16861->16865 16862->16859 16863->16857 16863->16862 16867 7ff704c1b364 FlsSetValue 16864->16867 16868 7ff704c1b376 16864->16868 16866 7ff704c1b351 16865->16866 16869 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 16866->16869 16867->16866 16870 7ff704c1af0c _set_fmode 5 API calls 16868->16870 16869->16862 16871 7ff704c1b37e 16870->16871 16872 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 16871->16872 16872->16859 16874 7ff704c0b202 RtlLookupFunctionEntry 
16873->16874 16875 7ff704c0b218 RtlVirtualUnwind 16874->16875 16876 7ff704c0b01b 16874->16876 16875->16874 16875->16876 16877 7ff704c0afb0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16876->16877 16879 7ff704c1a6a2 __CxxCallCatchBlock memcpy_s 16878->16879 16880 7ff704c1a6ca RtlCaptureContext RtlLookupFunctionEntry 16879->16880 16881 7ff704c1a73a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16880->16881 16882 7ff704c1a704 RtlVirtualUnwind 16880->16882 16884 7ff704c1a78c __CxxCallCatchBlock 16881->16884 16882->16881 16883 7ff704c0ac60 _log10_special 8 API calls 16885 7ff704c1a7ab GetCurrentProcess TerminateProcess 16883->16885 16884->16883 16886 7ff704c0b34c 16907 7ff704c0b52c 16886->16907 16889 7ff704c0b36d __scrt_acquire_startup_lock 16892 7ff704c0b4ad 16889->16892 16898 7ff704c0b38b __scrt_release_startup_lock 16889->16898 16890 7ff704c0b4a3 17052 7ff704c0b84c IsProcessorFeaturePresent 16890->17052 16893 7ff704c0b84c 7 API calls 16892->16893 16895 7ff704c0b4b8 __CxxCallCatchBlock 16893->16895 16894 7ff704c0b3b0 16896 7ff704c0b436 16915 7ff704c197d0 16896->16915 16898->16894 16898->16896 17041 7ff704c19b7c 16898->17041 16900 7ff704c0b43b 16921 7ff704c01000 16900->16921 16904 7ff704c0b45f 16904->16895 17048 7ff704c0b6b0 16904->17048 16908 7ff704c0b534 16907->16908 16909 7ff704c0b540 __scrt_dllmain_crt_thread_attach 16908->16909 16910 7ff704c0b365 16909->16910 16911 7ff704c0b54d 16909->16911 16910->16889 16910->16890 17059 7ff704c1a41c 16911->17059 16916 7ff704c197e0 16915->16916 16917 7ff704c197f5 16915->16917 16916->16917 17102 7ff704c19260 16916->17102 16917->16900 16922 7ff704c026b0 16921->16922 17171 7ff704c154d0 16922->17171 16924 7ff704c026eb 17178 7ff704c025a0 16924->17178 16927 7ff704c026f8 16929 7ff704c0ac60 _log10_special 8 API calls 16927->16929 16931 7ff704c02a6e 16929->16931 17046 7ff704c0b99c GetModuleHandleW 16931->17046 16932 7ff704c02836 17354 7ff704c031c0 16932->17354 16933 
7ff704c0272c 16935 7ff704c01bd0 49 API calls 16933->16935 16938 7ff704c02748 16935->16938 16937 7ff704c02885 17377 7ff704c01df0 GetCurrentProcessId 16937->17377 16940 7ff704c02994 16938->16940 16941 7ff704c0299b 16938->16941 17383 7ff704c076e0 GetConsoleWindow 16940->17383 16945 7ff704c029a4 16941->16945 16946 7ff704c0299f 16941->16946 16943 7ff704c02878 16947 7ff704c0289f 16943->16947 16948 7ff704c0287d 16943->16948 17240 7ff704c070f0 16945->17240 17388 7ff704c07850 GetConsoleWindow 16946->17388 16953 7ff704c01bd0 49 API calls 16947->16953 17373 7ff704c0e6f4 16948->17373 16955 7ff704c028be 16953->16955 16954 7ff704c029b0 __std_exception_destroy 16956 7ff704c02ab3 16954->16956 16957 7ff704c029f2 16954->16957 16962 7ff704c018d0 114 API calls 16955->16962 17393 7ff704c030e0 16956->17393 16958 7ff704c070f0 14 API calls 16957->16958 16961 7ff704c029fe 16958->16961 16960 7ff704c02ac1 16964 7ff704c02ad4 16960->16964 16965 7ff704c02ae0 16960->16965 17253 7ff704c07260 16961->17253 16963 7ff704c028df 16962->16963 16963->16938 16967 7ff704c028ef 16963->16967 17396 7ff704c03230 16964->17396 16969 7ff704c01bd0 49 API calls 16965->16969 16971 7ff704c01df0 81 API calls 16967->16971 16981 7ff704c02a39 __std_exception_destroy 16969->16981 16970 7ff704c02a0d 16972 7ff704c02a84 16970->16972 16975 7ff704c02a17 16970->16975 16971->16927 17262 7ff704c07730 16972->17262 17258 7ff704c01bd0 16975->17258 16976 7ff704c02b0d 16979 7ff704c02a40 16976->16979 16980 7ff704c02b1e SetDllDirectoryW 16976->16980 16985 7ff704c01df0 81 API calls 16979->16985 16982 7ff704c02b32 16980->16982 16981->16979 17312 7ff704c07aa0 16981->17312 16984 7ff704c02cad 16982->16984 17317 7ff704c057e0 16982->17317 16987 7ff704c02cbf 16984->16987 16988 7ff704c02cb8 16984->16988 16985->16927 16990 7ff704c02cc3 16987->16990 16991 7ff704c02cc8 16987->16991 16992 7ff704c076e0 4 API calls 16988->16992 16995 7ff704c07850 4 API calls 16990->16995 17443 7ff704c02240 16991->17443 16996 7ff704c02cbd 16992->16996 16994 
7ff704c02b59 16997 7ff704c02bb6 16994->16997 16998 7ff704c02b70 16994->16998 17399 7ff704c05820 16994->17399 16995->16991 16996->16991 16997->16984 17003 7ff704c02bcb 16997->17003 17012 7ff704c02b74 16998->17012 17420 7ff704c05bf0 16998->17420 17334 7ff704c022a0 17003->17334 17009 7ff704c05a00 FreeLibrary 17011 7ff704c02cee 17009->17011 17012->16997 17013 7ff704c01df0 81 API calls 17012->17013 17014 7ff704c02bae 17013->17014 17436 7ff704c05a00 17014->17436 17042 7ff704c19bb4 17041->17042 17043 7ff704c19b93 17041->17043 19461 7ff704c1a468 17042->19461 17043->16896 17047 7ff704c0b9ad 17046->17047 17047->16904 17050 7ff704c0b6c1 17048->17050 17049 7ff704c0b476 17049->16894 17050->17049 17051 7ff704c0bf68 7 API calls 17050->17051 17051->17049 17053 7ff704c0b872 __CxxCallCatchBlock memcpy_s 17052->17053 17054 7ff704c0b891 RtlCaptureContext RtlLookupFunctionEntry 17053->17054 17055 7ff704c0b8ba RtlVirtualUnwind 17054->17055 17056 7ff704c0b8f6 memcpy_s 17054->17056 17055->17056 17057 7ff704c0b928 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17056->17057 17058 7ff704c0b976 __CxxCallCatchBlock 17057->17058 17058->16892 17060 7ff704c2383c 17059->17060 17061 7ff704c0b552 17060->17061 17069 7ff704c1c630 17060->17069 17061->16910 17063 7ff704c0bf68 17061->17063 17064 7ff704c0bf7a 17063->17064 17065 7ff704c0bf70 17063->17065 17064->16910 17081 7ff704c0c304 17065->17081 17080 7ff704c20668 EnterCriticalSection 17069->17080 17082 7ff704c0bf75 17081->17082 17083 7ff704c0c313 17081->17083 17085 7ff704c0c370 17082->17085 17089 7ff704c0c540 17083->17089 17086 7ff704c0c39b 17085->17086 17087 7ff704c0c37e DeleteCriticalSection 17086->17087 17088 7ff704c0c39f 17086->17088 17087->17086 17088->17064 17093 7ff704c0c3a8 17089->17093 17094 7ff704c0c3ec __vcrt_FlsAlloc 17093->17094 17100 7ff704c0c492 TlsFree 17093->17100 17095 7ff704c0c41a LoadLibraryExW 17094->17095 17098 7ff704c0c4d9 GetProcAddress 17094->17098 17094->17100 17101 7ff704c0c45d LoadLibraryExW 
17094->17101 17096 7ff704c0c4b9 17095->17096 17097 7ff704c0c43b GetLastError 17095->17097 17096->17098 17099 7ff704c0c4d0 FreeLibrary 17096->17099 17097->17094 17098->17100 17099->17098 17101->17094 17101->17096 17103 7ff704c19279 17102->17103 17110 7ff704c19275 17102->17110 17123 7ff704c22dcc GetEnvironmentStringsW 17103->17123 17106 7ff704c19292 17130 7ff704c193e0 17106->17130 17107 7ff704c19286 17108 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17107->17108 17108->17110 17110->16917 17115 7ff704c19620 17110->17115 17112 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17113 7ff704c192b9 17112->17113 17114 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17113->17114 17114->17110 17116 7ff704c19643 17115->17116 17121 7ff704c1965a 17115->17121 17116->16917 17117 7ff704c1fc30 MultiByteToWideChar _fread_nolock 17117->17121 17118 7ff704c1f014 _set_fmode 11 API calls 17118->17121 17119 7ff704c196ce 17120 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17119->17120 17120->17116 17121->17116 17121->17117 17121->17118 17121->17119 17122 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17121->17122 17122->17121 17124 7ff704c22df0 17123->17124 17125 7ff704c1927e 17123->17125 17149 7ff704c1d8d4 17124->17149 17125->17106 17125->17107 17127 7ff704c22e27 memcpy_s 17128 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17127->17128 17129 7ff704c22e47 FreeEnvironmentStringsW 17128->17129 17129->17125 17131 7ff704c19408 17130->17131 17132 7ff704c1f014 _set_fmode 11 API calls 17131->17132 17138 7ff704c19443 17132->17138 17133 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17134 7ff704c1929a 17133->17134 17134->17112 17135 7ff704c194c5 17136 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17135->17136 17136->17134 17137 7ff704c1f014 _set_fmode 11 API calls 17137->17138 
17138->17135 17138->17137 17139 7ff704c194b4 17138->17139 17143 7ff704c194e8 17138->17143 17146 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17138->17146 17147 7ff704c1944b 17138->17147 17156 7ff704c20804 17138->17156 17165 7ff704c194fc 17139->17165 17145 7ff704c1a954 _isindst 17 API calls 17143->17145 17144 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17144->17147 17148 7ff704c194fa 17145->17148 17146->17138 17147->17133 17150 7ff704c1d91f 17149->17150 17154 7ff704c1d8e3 _set_fmode 17149->17154 17151 7ff704c1b598 _set_fmode 11 API calls 17150->17151 17153 7ff704c1d91d 17151->17153 17152 7ff704c1d906 RtlAllocateHeap 17152->17153 17152->17154 17153->17127 17154->17150 17154->17152 17155 7ff704c23920 _set_fmode 2 API calls 17154->17155 17155->17154 17157 7ff704c2081b 17156->17157 17158 7ff704c20811 17156->17158 17159 7ff704c1b598 _set_fmode 11 API calls 17157->17159 17158->17157 17163 7ff704c20837 17158->17163 17160 7ff704c20823 17159->17160 17161 7ff704c1a934 _invalid_parameter_noinfo 37 API calls 17160->17161 17162 7ff704c2082f 17161->17162 17162->17138 17163->17162 17164 7ff704c1b598 _set_fmode 11 API calls 17163->17164 17164->17160 17166 7ff704c194bc 17165->17166 17167 7ff704c19501 17165->17167 17166->17144 17168 7ff704c1952a 17167->17168 17169 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17167->17169 17170 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17168->17170 17169->17167 17170->17166 17174 7ff704c1f810 17171->17174 17172 7ff704c1f863 17173 7ff704c1a868 _invalid_parameter_noinfo 37 API calls 17172->17173 17177 7ff704c1f88c 17173->17177 17174->17172 17175 7ff704c1f8b6 17174->17175 17456 7ff704c1f6e8 17175->17456 17177->16924 17464 7ff704c0af60 17178->17464 17181 7ff704c025db 17471 7ff704c01ed0 GetLastError 17181->17471 17182 7ff704c025f8 17466 7ff704c07990 FindFirstFileExW 17182->17466 17186 7ff704c02665 17487 7ff704c07b50 17186->17487 17187 
7ff704c0260b 17478 7ff704c07a10 CreateFileW 17187->17478 17189 7ff704c0ac60 _log10_special 8 API calls 17191 7ff704c0269d 17189->17191 17191->16927 17200 7ff704c018d0 17191->17200 17193 7ff704c025ee 17193->17189 17194 7ff704c02673 17194->17193 17197 7ff704c01e50 78 API calls 17194->17197 17195 7ff704c02634 __vcrt_FlsAlloc 17195->17186 17196 7ff704c0261c 17481 7ff704c01e50 17196->17481 17197->17193 17201 7ff704c031c0 108 API calls 17200->17201 17202 7ff704c01905 17201->17202 17203 7ff704c01b96 17202->17203 17204 7ff704c06920 83 API calls 17202->17204 17205 7ff704c0ac60 _log10_special 8 API calls 17203->17205 17207 7ff704c0194b 17204->17207 17206 7ff704c01bb1 17205->17206 17206->16932 17206->16933 17208 7ff704c0197c 17207->17208 17511 7ff704c0ed7c 17207->17511 17210 7ff704c0e6f4 74 API calls 17208->17210 17210->17203 17211 7ff704c01965 17212 7ff704c01981 17211->17212 17213 7ff704c01969 17211->17213 17515 7ff704c0ea44 17212->17515 17518 7ff704c01db0 17213->17518 17217 7ff704c0199f 17219 7ff704c01db0 80 API calls 17217->17219 17218 7ff704c019b7 17220 7ff704c019e6 17218->17220 17221 7ff704c019ce 17218->17221 17219->17208 17223 7ff704c01bd0 49 API calls 17220->17223 17222 7ff704c01db0 80 API calls 17221->17222 17222->17208 17224 7ff704c019fd 17223->17224 17225 7ff704c01bd0 49 API calls 17224->17225 17226 7ff704c01a48 17225->17226 17227 7ff704c0ed7c 73 API calls 17226->17227 17228 7ff704c01a6c 17227->17228 17229 7ff704c01a81 17228->17229 17230 7ff704c01a99 17228->17230 17231 7ff704c01db0 80 API calls 17229->17231 17232 7ff704c0ea44 _fread_nolock 53 API calls 17230->17232 17231->17208 17233 7ff704c01aae 17232->17233 17234 7ff704c01ab4 17233->17234 17235 7ff704c01acc 17233->17235 17236 7ff704c01db0 80 API calls 17234->17236 17523 7ff704c0e7b8 17235->17523 17236->17208 17239 7ff704c01df0 81 API calls 17239->17208 17241 7ff704c070fa 17240->17241 17242 7ff704c07aa0 2 API calls 17241->17242 17243 7ff704c07119 GetEnvironmentVariableW 17242->17243 17244 7ff704c07136 
ExpandEnvironmentStringsW 17243->17244 17245 7ff704c07182 17243->17245 17244->17245 17247 7ff704c07158 17244->17247 17246 7ff704c0ac60 _log10_special 8 API calls 17245->17246 17248 7ff704c07194 17246->17248 17249 7ff704c07b50 2 API calls 17247->17249 17248->16954 17250 7ff704c0716a 17249->17250 17251 7ff704c0ac60 _log10_special 8 API calls 17250->17251 17252 7ff704c0717a 17251->17252 17252->16954 17254 7ff704c07aa0 2 API calls 17253->17254 17255 7ff704c07274 17254->17255 17889 7ff704c18284 17255->17889 17257 7ff704c07286 __std_exception_destroy 17257->16970 17259 7ff704c01bf5 17258->17259 17260 7ff704c14a14 49 API calls 17259->17260 17261 7ff704c01c18 17260->17261 17261->16981 17263 7ff704c07745 17262->17263 17907 7ff704c06dd0 GetCurrentProcess OpenProcessToken 17263->17907 17266 7ff704c06dd0 7 API calls 17267 7ff704c07771 17266->17267 17268 7ff704c077a4 17267->17268 17269 7ff704c0778a 17267->17269 17271 7ff704c06ec0 48 API calls 17268->17271 17917 7ff704c06ec0 17269->17917 17273 7ff704c077b7 LocalFree LocalFree 17271->17273 17274 7ff704c077d3 17273->17274 17276 7ff704c077df 17273->17276 17275 7ff704c01e50 78 API calls 17274->17275 17275->17276 17277 7ff704c0ac60 _log10_special 8 API calls 17276->17277 17278 7ff704c02a89 17277->17278 17278->16979 17279 7ff704c06f20 17278->17279 17280 7ff704c06f38 17279->17280 17281 7ff704c06f5c 17280->17281 17282 7ff704c06fba GetTempPathW GetCurrentProcessId 17280->17282 17284 7ff704c070f0 14 API calls 17281->17284 18115 7ff704c078b0 17282->18115 17285 7ff704c06f68 17284->17285 18122 7ff704c06a50 17285->18122 17290 7ff704c18284 38 API calls 17292 7ff704c06f8e __std_exception_destroy 17290->17292 17292->17282 17300 7ff704c06f9c 17292->17300 17294 7ff704c06fa8 __std_exception_destroy 17311 7ff704c07094 __std_exception_destroy 17294->17311 17295 7ff704c06fe8 __std_exception_destroy 17298 7ff704c07025 __std_exception_destroy 17295->17298 18119 7ff704c18bbc 17295->18119 17297 7ff704c0ac60 _log10_special 8 API calls 17299 7ff704c070d5 
17297->17299 17303 7ff704c07aa0 2 API calls 17298->17303 17298->17311 17299->16981 17302 7ff704c01e50 78 API calls 17300->17302 17302->17294 17304 7ff704c07071 17303->17304 17305 7ff704c07076 17304->17305 17306 7ff704c070a9 17304->17306 17307 7ff704c07aa0 2 API calls 17305->17307 17308 7ff704c18284 38 API calls 17306->17308 17309 7ff704c07086 17307->17309 17308->17311 17310 7ff704c18284 38 API calls 17309->17310 17310->17311 17311->17297 17313 7ff704c07ac2 MultiByteToWideChar 17312->17313 17314 7ff704c07ae6 17312->17314 17313->17314 17316 7ff704c07afc __std_exception_destroy 17313->17316 17315 7ff704c07b03 MultiByteToWideChar 17314->17315 17314->17316 17315->17316 17316->16976 17318 7ff704c057f5 17317->17318 17319 7ff704c02b44 17318->17319 17320 7ff704c01db0 80 API calls 17318->17320 17321 7ff704c05d80 17319->17321 17320->17319 17322 7ff704c05dca __std_exception_destroy 17321->17322 17323 7ff704c05db0 17321->17323 17322->16994 17323->17322 18386 7ff704c01420 17323->18386 17325 7ff704c05dd4 17325->17322 17326 7ff704c03230 49 API calls 17325->17326 17327 7ff704c05df6 17326->17327 17328 7ff704c03230 49 API calls 17327->17328 17332 7ff704c05dfb 17327->17332 17330 7ff704c05e1a 17328->17330 17329 7ff704c01df0 81 API calls 17329->17322 17331 7ff704c03230 49 API calls 17330->17331 17330->17332 17331->17332 17332->17329 17333 7ff704c05eaf __std_exception_destroy memcpy_s 17332->17333 17333->16994 17346 7ff704c022ae memcpy_s 17334->17346 17335 7ff704c0ac60 _log10_special 8 API calls 17337 7ff704c0254e 17335->17337 17336 7ff704c024a7 17336->17335 17337->16927 17353 7ff704c076c0 LocalFree 17337->17353 17339 7ff704c01bd0 49 API calls 17339->17346 17340 7ff704c024c9 17342 7ff704c01df0 81 API calls 17340->17342 17342->17336 17345 7ff704c024a9 17348 7ff704c01df0 81 API calls 17345->17348 17346->17336 17346->17339 17346->17340 17346->17345 17347 7ff704c01df0 81 API calls 17346->17347 17351 7ff704c024b7 17346->17351 18447 7ff704c03160 17346->18447 18453 7ff704c067b0 17346->18453 
18464 7ff704c015a0 17346->18464 18502 7ff704c05b60 17346->18502 18506 7ff704c02d90 17346->18506 18550 7ff704c03050 17346->18550 17347->17346 17348->17336 17352 7ff704c01df0 81 API calls 17351->17352 17352->17336 17355 7ff704c031cc 17354->17355 17356 7ff704c07aa0 2 API calls 17355->17356 17357 7ff704c031f4 17356->17357 17358 7ff704c07aa0 2 API calls 17357->17358 17359 7ff704c03207 17358->17359 18686 7ff704c16064 17359->18686 17362 7ff704c0ac60 _log10_special 8 API calls 17363 7ff704c02846 17362->17363 17363->16937 17364 7ff704c06920 17363->17364 17365 7ff704c06944 17364->17365 17366 7ff704c0ed7c 73 API calls 17365->17366 17371 7ff704c06a1b __std_exception_destroy 17365->17371 17367 7ff704c06960 17366->17367 17367->17371 19077 7ff704c17914 17367->19077 17369 7ff704c0ed7c 73 API calls 17372 7ff704c06975 17369->17372 17370 7ff704c0ea44 _fread_nolock 53 API calls 17370->17372 17371->16943 17372->17369 17372->17370 17372->17371 17374 7ff704c0e724 17373->17374 19092 7ff704c0e4d0 17374->19092 17376 7ff704c0e73d 17376->16937 17378 7ff704c01e1a 17377->17378 17379 7ff704c01d60 78 API calls 17378->17379 17380 7ff704c01e2c 17379->17380 17381 7ff704c01c30 80 API calls 17380->17381 17382 7ff704c01e3b 17381->17382 17382->16927 17384 7ff704c076f4 GetCurrentProcessId GetWindowThreadProcessId 17383->17384 17385 7ff704c02999 17383->17385 17384->17385 17386 7ff704c07713 17384->17386 17385->16945 17386->17385 17387 7ff704c07719 ShowWindow 17386->17387 17387->17385 17389 7ff704c07864 GetCurrentProcessId GetWindowThreadProcessId 17388->17389 17390 7ff704c07897 17388->17390 17389->17390 17391 7ff704c07883 17389->17391 17390->16945 17391->17390 17392 7ff704c07889 ShowWindow 17391->17392 17392->17390 17394 7ff704c01bd0 49 API calls 17393->17394 17395 7ff704c030fd 17394->17395 17395->16960 17397 7ff704c01bd0 49 API calls 17396->17397 17398 7ff704c03260 17397->17398 17398->16981 17400 7ff704c0583c 17399->17400 17402 7ff704c017c0 45 API calls 17400->17402 17404 7ff704c059dd 17400->17404 17405 
7ff704c01bd0 49 API calls 17400->17405 17407 7ff704c0595f 17400->17407 17408 7ff704c059ca 17400->17408 17410 7ff704c03160 10 API calls 17400->17410 17411 7ff704c067b0 52 API calls 17400->17411 17412 7ff704c0598d 17400->17412 17413 7ff704c01df0 81 API calls 17400->17413 17415 7ff704c059b7 17400->17415 17416 7ff704c015a0 115 API calls 17400->17416 17418 7ff704c059a0 17400->17418 17401 7ff704c0ac60 _log10_special 8 API calls 17403 7ff704c05971 17401->17403 17402->17400 17403->16998 17406 7ff704c01df0 81 API calls 17404->17406 17405->17400 17406->17407 17407->17401 17409 7ff704c01df0 81 API calls 17408->17409 17409->17407 17410->17400 17411->17400 17414 7ff704c01df0 81 API calls 17412->17414 17413->17400 17414->17407 17417 7ff704c01df0 81 API calls 17415->17417 17416->17400 17417->17407 17419 7ff704c01df0 81 API calls 17418->17419 17419->17407 19103 7ff704c07480 17420->19103 17422 7ff704c05c09 17423 7ff704c07480 3 API calls 17422->17423 17424 7ff704c05c1c 17423->17424 17425 7ff704c05c4f 17424->17425 17426 7ff704c05c34 17424->17426 17427 7ff704c01df0 81 API calls 17425->17427 19107 7ff704c06120 GetProcAddress 17426->19107 17429 7ff704c02b85 17427->17429 17429->17012 17430 7ff704c05f50 17429->17430 17431 7ff704c05f6d 17430->17431 17432 7ff704c01df0 81 API calls 17431->17432 17435 7ff704c05fd8 17431->17435 17433 7ff704c05fc0 17432->17433 17434 7ff704c05a00 FreeLibrary 17433->17434 17434->17435 17435->17012 17437 7ff704c05b56 17436->17437 17442 7ff704c05a12 17436->17442 17437->16997 17438 7ff704c05b2a 17440 7ff704c05b42 17438->17440 19171 7ff704c07460 FreeLibrary 17438->19171 17440->16997 17442->17438 19170 7ff704c07460 FreeLibrary 17442->19170 19172 7ff704c04d70 17443->19172 17447 7ff704c02261 17451 7ff704c02279 17447->17451 19242 7ff704c04a80 17447->19242 17449 7ff704c0226d 17449->17451 19251 7ff704c04c10 17449->19251 17452 7ff704c02560 17451->17452 17453 7ff704c0256e 17452->17453 17454 7ff704c0257f 17453->17454 19460 7ff704c07460 FreeLibrary 17453->19460 17454->17009 
17463 7ff704c1522c EnterCriticalSection 17456->17463 17465 7ff704c025ac GetModuleFileNameW 17464->17465 17465->17181 17465->17182 17467 7ff704c079e2 17466->17467 17468 7ff704c079cf FindClose 17466->17468 17469 7ff704c0ac60 _log10_special 8 API calls 17467->17469 17468->17467 17470 7ff704c02602 17469->17470 17470->17186 17470->17187 17472 7ff704c01f0b 17471->17472 17492 7ff704c148f0 17472->17492 17474 7ff704c01f29 FormatMessageW 17475 7ff704c01f73 17474->17475 17499 7ff704c01d60 17475->17499 17479 7ff704c07a50 GetFinalPathNameByHandleW CloseHandle 17478->17479 17480 7ff704c02618 17478->17480 17479->17480 17480->17195 17480->17196 17482 7ff704c01e70 17481->17482 17483 7ff704c01d60 78 API calls 17482->17483 17484 7ff704c01e8e 17483->17484 17485 7ff704c148f0 78 API calls 17484->17485 17486 7ff704c01ec0 17485->17486 17486->17193 17488 7ff704c07b7a WideCharToMultiByte 17487->17488 17490 7ff704c07ba5 17487->17490 17488->17490 17491 7ff704c07bbb __std_exception_destroy 17488->17491 17489 7ff704c07bc2 WideCharToMultiByte 17489->17491 17490->17489 17490->17491 17491->17194 17493 7ff704c1491a 17492->17493 17494 7ff704c14952 17493->17494 17496 7ff704c14985 17493->17496 17495 7ff704c1a868 _invalid_parameter_noinfo 37 API calls 17494->17495 17498 7ff704c1497b 17495->17498 17503 7ff704c0f228 17496->17503 17498->17474 17500 7ff704c01d86 17499->17500 17501 7ff704c148f0 78 API calls 17500->17501 17502 7ff704c01d9c 17501->17502 17502->17193 17510 7ff704c1522c EnterCriticalSection 17503->17510 17512 7ff704c0edac 17511->17512 17529 7ff704c0eb0c 17512->17529 17514 7ff704c0edc5 17514->17211 17541 7ff704c0ea64 17515->17541 17555 7ff704c01c30 17518->17555 17524 7ff704c0e7c1 17523->17524 17525 7ff704c01ae6 17523->17525 17526 7ff704c1b598 _set_fmode 11 API calls 17524->17526 17525->17208 17525->17239 17527 7ff704c0e7c6 17526->17527 17528 7ff704c1a934 _invalid_parameter_noinfo 37 API calls 17527->17528 17528->17525 17530 7ff704c0eb76 17529->17530 17531 7ff704c0eb36 17529->17531 17530->17531 
19195 7ff704c04e86 19193->19195 19194->19202 19196 7ff704c04e92 19195->19196 19197 7ff704c04ec9 19195->19197 19198 7ff704c07aa0 2 API calls 19196->19198 19257 7ff704c04300 GetProcAddress 19197->19257 19200 7ff704c04eaa 19198->19200 19201 7ff704c01ed0 80 API calls 19200->19201 19201->19202 19202->19184 19342 7ff704c03ed0 19203->19342 19205 7ff704c04f3a 19206 7ff704c04f53 19205->19206 19207 7ff704c04f42 19205->19207 19349 7ff704c036a0 19206->19349 19208 7ff704c01df0 81 API calls 19207->19208 19216 7ff704c04f4e 19208->19216 19211 7ff704c04f70 19214 7ff704c04f90 19211->19214 19215 7ff704c04f7f 19211->19215 19212 7ff704c04f5f 19213 7ff704c01df0 81 API calls 19212->19213 19213->19216 19353 7ff704c03950 19214->19353 19217 7ff704c01df0 81 API calls 19215->19217 19216->17447 19217->19216 19219 7ff704c04fab 19220 7ff704c04fc0 19219->19220 19221 7ff704c04faf 19219->19221 19223 7ff704c04fe0 19220->19223 19224 7ff704c04fcf 19220->19224 19222 7ff704c01df0 81 API calls 19221->19222 19222->19216 19360 7ff704c037f0 19223->19360 19225 7ff704c01df0 81 API calls 19224->19225 19225->19216 19243 7ff704c04aa0 19242->19243 19243->19243 19244 7ff704c04ac9 19243->19244 19250 7ff704c04ae0 __std_exception_destroy 19243->19250 19245 7ff704c01df0 81 API calls 19244->19245 19246 7ff704c04ad5 19245->19246 19246->17449 19247 7ff704c04beb 19247->17449 19248 7ff704c01420 113 API calls 19248->19250 19249 7ff704c01df0 81 API calls 19249->19250 19250->19247 19250->19248 19250->19249 19252 7ff704c04d37 19251->19252 19255 7ff704c04c46 19251->19255 19252->17451 19253 7ff704c04d52 19254 7ff704c01df0 81 API calls 19253->19254 19254->19252 19255->19252 19255->19253 19256 7ff704c01df0 81 API calls 19255->19256 19256->19255 19258 7ff704c04322 19257->19258 19259 7ff704c04347 GetProcAddress 19257->19259 19261 7ff704c01ed0 80 API calls 19258->19261 19259->19258 19260 7ff704c0436c GetProcAddress 19259->19260 19260->19258 19262 7ff704c04391 GetProcAddress 19260->19262 19263 7ff704c0433c 19261->19263 19262->19258 
19264 7ff704c043b9 GetProcAddress 19262->19264 19263->19202 19264->19258 19265 7ff704c043e1 GetProcAddress 19264->19265 19265->19258 19266 7ff704c04409 GetProcAddress 19265->19266 19267 7ff704c04425 19266->19267 19268 7ff704c04431 GetProcAddress 19266->19268 19267->19268 19269 7ff704c0444d 19268->19269 19270 7ff704c04459 GetProcAddress 19268->19270 19269->19270 19271 7ff704c04475 19270->19271 19272 7ff704c04481 GetProcAddress 19270->19272 19271->19272 19273 7ff704c0449d 19272->19273 19274 7ff704c044a9 GetProcAddress 19272->19274 19273->19274 19275 7ff704c044c5 19274->19275 19276 7ff704c044d1 GetProcAddress 19274->19276 19275->19276 19277 7ff704c044ed 19276->19277 19278 7ff704c044f9 GetProcAddress 19276->19278 19277->19278 19279 7ff704c04515 19278->19279 19280 7ff704c04521 GetProcAddress 19278->19280 19279->19280 19281 7ff704c0453d 19280->19281 19282 7ff704c04549 GetProcAddress 19280->19282 19281->19282 19283 7ff704c04565 19282->19283 19284 7ff704c04571 GetProcAddress 19282->19284 19283->19284 19343 7ff704c03efc 19342->19343 19344 7ff704c03f04 19343->19344 19345 7ff704c040a4 19343->19345 19380 7ff704c16b74 19343->19380 19344->19205 19346 7ff704c04267 __std_exception_destroy 19345->19346 19347 7ff704c033d0 47 API calls 19345->19347 19346->19205 19347->19345 19350 7ff704c036d0 19349->19350 19351 7ff704c0ac60 _log10_special 8 API calls 19350->19351 19352 7ff704c0373a 19351->19352 19352->19211 19352->19212 19354 7ff704c039bf 19353->19354 19357 7ff704c0396b 19353->19357 19355 7ff704c03550 2 API calls 19354->19355 19356 7ff704c039cc 19355->19356 19356->19219 19359 7ff704c039aa 19357->19359 19438 7ff704c03550 19357->19438 19359->19219 19361 7ff704c03805 19360->19361 19362 7ff704c01bd0 49 API calls 19361->19362 19363 7ff704c03851 19362->19363 19364 7ff704c038d7 __std_exception_destroy 19363->19364 19365 7ff704c01bd0 49 API calls 19363->19365 19367 7ff704c0ac60 _log10_special 8 API calls 19364->19367 19366 7ff704c03890 19365->19366 19366->19364 19381 7ff704c16ba4 
19380->19381 19384 7ff704c16070 19381->19384 19383 7ff704c16bd4 19383->19343 19385 7ff704c160a1 19384->19385 19386 7ff704c160b3 19384->19386 19387 7ff704c1b598 _set_fmode 11 API calls 19385->19387 19388 7ff704c160fd 19386->19388 19390 7ff704c160c0 19386->19390 19389 7ff704c160a6 19387->19389 19391 7ff704c16118 19388->19391 19392 7ff704c143c0 45 API calls 19388->19392 19394 7ff704c1a934 _invalid_parameter_noinfo 37 API calls 19389->19394 19395 7ff704c1a868 _invalid_parameter_noinfo 37 API calls 19390->19395 19397 7ff704c1613a 19391->19397 19405 7ff704c16afc 19391->19405 19392->19391 19402 7ff704c160b1 19394->19402 19395->19402 19396 7ff704c161db 19399 7ff704c1b598 _set_fmode 11 API calls 19396->19399 19396->19402 19397->19396 19398 7ff704c1b598 _set_fmode 11 API calls 19397->19398 19400 7ff704c161d0 19398->19400 19401 7ff704c16286 19399->19401 19403 7ff704c1a934 _invalid_parameter_noinfo 37 API calls 19400->19403 19404 7ff704c1a934 _invalid_parameter_noinfo 37 API calls 19401->19404 19402->19383 19403->19396 19404->19402 19406 7ff704c16b1f 19405->19406 19407 7ff704c16b36 19405->19407 19411 7ff704c202f8 19406->19411 19409 7ff704c16b24 19407->19409 19416 7ff704c20328 19407->19416 19409->19391 19412 7ff704c1b160 __CxxCallCatchBlock 45 API calls 19411->19412 19413 7ff704c20301 19412->19413 19414 7ff704c1dc5c 45 API calls 19413->19414 19415 7ff704c2031a 19414->19415 19415->19409 19417 7ff704c14ee8 45 API calls 19416->19417 19418 7ff704c20361 19417->19418 19422 7ff704c2036d 19418->19422 19423 7ff704c231d0 19418->19423 19420 7ff704c0ac60 _log10_special 8 API calls 19421 7ff704c20417 19420->19421 19421->19409 19422->19420 19424 7ff704c14ee8 45 API calls 19423->19424 19425 7ff704c23212 19424->19425 19426 7ff704c1fc30 _fread_nolock MultiByteToWideChar 19425->19426 19428 7ff704c23248 19426->19428 19427 7ff704c2324f 19429 7ff704c0ac60 _log10_special 8 API calls 19427->19429 19428->19427 19430 7ff704c1d8d4 _fread_nolock 12 API calls 19428->19430 19432 7ff704c2330c 19428->19432 
19434 7ff704c23278 memcpy_s 19428->19434 19431 7ff704c23345 19429->19431 19430->19434 19431->19422 19432->19427 19433 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19432->19433 19433->19427 19434->19432 19435 7ff704c1fc30 _fread_nolock MultiByteToWideChar 19434->19435 19436 7ff704c232ee 19435->19436 19436->19432 19437 7ff704c232f2 GetStringTypeW 19436->19437 19437->19432 19439 7ff704c07aa0 2 API calls 19438->19439 19440 7ff704c03575 __std_exception_destroy 19439->19440 19440->19359 19460->17454 19462 7ff704c1b160 __CxxCallCatchBlock 45 API calls 19461->19462 19463 7ff704c1a471 19462->19463 19466 7ff704c1a51c 19463->19466 19475 7ff704c239e0 19466->19475 19501 7ff704c23998 19475->19501 19506 7ff704c20668 EnterCriticalSection 19501->19506 20185 7ff704c151d0 20186 7ff704c151db 20185->20186 20194 7ff704c1f624 20186->20194 20207 7ff704c20668 EnterCriticalSection 20194->20207 21117 7ff704c21a40 21128 7ff704c27774 21117->21128 21129 7ff704c27781 21128->21129 21130 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 21129->21130 21131 7ff704c2779d 21129->21131 21130->21129 21132 7ff704c1a574 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 21131->21132 21133 7ff704c21a49 21131->21133 21132->21131 21134 7ff704c20668 EnterCriticalSection 21133->21134

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 335 7ff704c25f90-7ff704c25fcb call 7ff704c25918 call 7ff704c25920 call 7ff704c25988 342 7ff704c25fd1-7ff704c25fdc call 7ff704c25928 335->342 343 7ff704c261f5-7ff704c26241 call 7ff704c1a954 call 7ff704c25918 call 7ff704c25920 call 7ff704c25988 335->343 342->343 348 7ff704c25fe2-7ff704c25fec 342->348 369 7ff704c26247-7ff704c26252 call 7ff704c25928 343->369 370 7ff704c2637f-7ff704c263ed call 7ff704c1a954 call 7ff704c21908 343->370 350 7ff704c2600e-7ff704c26012 348->350 351 7ff704c25fee-7ff704c25ff1 348->351 354 7ff704c26015-7ff704c2601d 350->354 353 7ff704c25ff4-7ff704c25fff 351->353 356 7ff704c2600a-7ff704c2600c 353->356 357 7ff704c26001-7ff704c26008 353->357 354->354 358 7ff704c2601f-7ff704c26032 call 7ff704c1d8d4 354->358 356->350 360 7ff704c2603b-7ff704c26049 356->360 357->353 357->356 365 7ff704c2604a-7ff704c26056 call 7ff704c1a574 358->365 366 7ff704c26034-7ff704c26036 call 7ff704c1a574 358->366 376 7ff704c2605d-7ff704c26065 365->376 366->360 369->370 378 7ff704c26258-7ff704c26263 call 7ff704c25958 369->378 389 7ff704c263fb-7ff704c263fe 370->389 390 7ff704c263ef-7ff704c263f6 370->390 376->376 379 7ff704c26067-7ff704c26078 call 7ff704c20804 376->379 378->370 387 7ff704c26269-7ff704c2628c call 7ff704c1a574 GetTimeZoneInformation 378->387 379->343 388 7ff704c2607e-7ff704c260d4 call 7ff704c2a860 * 4 call 7ff704c25eac 379->388 404 7ff704c26292-7ff704c262b3 387->404 405 7ff704c26354-7ff704c2637e call 7ff704c25910 call 7ff704c25900 call 7ff704c25908 387->405 447 7ff704c260d6-7ff704c260da 388->447 391 7ff704c26400 389->391 392 7ff704c26435-7ff704c26448 call 7ff704c1d8d4 389->392 395 7ff704c2648b-7ff704c2648e 390->395 397 7ff704c26403 391->397 411 7ff704c2644a 392->411 412 7ff704c26453-7ff704c2646e call 7ff704c21908 392->412 396 7ff704c26494-7ff704c2649c call 7ff704c25f90 395->396 395->397 402 7ff704c26408-7ff704c26434 call 7ff704c1a574 call 7ff704c0ac60 396->402 397->402 403 7ff704c26403 
call 7ff704c2620c 397->403 403->402 409 7ff704c262be-7ff704c262c5 404->409 410 7ff704c262b5-7ff704c262bb 404->410 418 7ff704c262c7-7ff704c262cf 409->418 419 7ff704c262d9 409->419 410->409 420 7ff704c2644c-7ff704c26451 call 7ff704c1a574 411->420 434 7ff704c26470-7ff704c26473 412->434 435 7ff704c26475-7ff704c26487 call 7ff704c1a574 412->435 418->419 426 7ff704c262d1-7ff704c262d7 418->426 423 7ff704c262db-7ff704c2634f call 7ff704c2a860 * 4 call 7ff704c22eec call 7ff704c264a4 * 2 419->423 420->391 423->405 426->423 434->420 435->395 449 7ff704c260dc 447->449 450 7ff704c260e0-7ff704c260e4 447->450 449->450 450->447 452 7ff704c260e6-7ff704c2610b call 7ff704c16c28 450->452 458 7ff704c2610e-7ff704c26112 452->458 460 7ff704c26121-7ff704c26125 458->460 461 7ff704c26114-7ff704c2611f 458->461 460->458 461->460 463 7ff704c26127-7ff704c2612b 461->463 466 7ff704c261ac-7ff704c261b0 463->466 467 7ff704c2612d-7ff704c26155 call 7ff704c16c28 463->467 468 7ff704c261b7-7ff704c261c4 466->468 469 7ff704c261b2-7ff704c261b4 466->469 474 7ff704c26157 467->474 475 7ff704c26173-7ff704c26177 467->475 472 7ff704c261df-7ff704c261ee call 7ff704c25910 call 7ff704c25900 468->472 473 7ff704c261c6-7ff704c261dc call 7ff704c25eac 468->473 469->468 472->343 473->472 479 7ff704c2615a-7ff704c26161 474->479 475->466 481 7ff704c26179-7ff704c26197 call 7ff704c16c28 475->481 479->475 482 7ff704c26163-7ff704c26171 479->482 487 7ff704c261a3-7ff704c261aa 481->487 482->475 482->479 487->466 488 7ff704c26199-7ff704c2619d 487->488 488->466 489 7ff704c2619f 488->489 489->487
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF704C25FD5
                                                                  • Part of subcall function 00007FF704C25928: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2593C
                                                                  • Part of subcall function 00007FF704C1A574: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A58A
                                                                  • Part of subcall function 00007FF704C1A574: GetLastError.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A594
                                                                  • Part of subcall function 00007FF704C1A954: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF704C1A933,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1A95D
                                                                  • Part of subcall function 00007FF704C1A954: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF704C1A933,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1A982
                                                                • _get_daylight.LIBCMT ref: 00007FF704C25FC4
                                                                  • Part of subcall function 00007FF704C25988: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2599C
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2623A
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2624B
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2625C
                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF704C2649C), ref: 00007FF704C26283
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLanguagesLastPreferredPresentProcessProcessorRestoreThreadTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 1458651798-239921721
                                                                • Opcode ID: 5d8ca302bc24518753303e1de9637dda799bc5a6da56782543b675025544b69d
                                                                • Instruction ID: 65af95a1366c700a9e708e71c6e02f54ce418ef745a7001a2b88b31cf2711f07
                                                                • Opcode Fuzzy Hash: 5d8ca302bc24518753303e1de9637dda799bc5a6da56782543b675025544b69d
                                                                • Instruction Fuzzy Hash: D7D1A036B0825266EB20BF27DEC01BBA661EF85B94FC44137EA4D47696DF7CE4418360

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                • String ID:
                                                                • API String ID: 1617910340-0
                                                                • Opcode ID: 7e03ef3d0a20c94a2012376284489c35dd0980ac60203fd93d959aa726f203d8
                                                                • Instruction ID: 31a0e1646a91cee4dbd6c6ba70daa49343d73c5be5c976afeb45ee01ca236230
                                                                • Opcode Fuzzy Hash: 7e03ef3d0a20c94a2012376284489c35dd0980ac60203fd93d959aa726f203d8
                                                                • Instruction Fuzzy Hash: 40C1D232B28A4195EB10EFAAC9C16AE7771FB49B98F800236DB1E57394CF78D451C320

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                • String ID: %s\*
                                                                • API String ID: 1057558799-766152087
                                                                • Opcode ID: 06e408feea88f4fa5bbf8880914eb6697307b1059d5c84f9f3493ba60dd80eca
                                                                • Instruction ID: 059998305c601e89ec7c3ca3a151aa56b5ec017a518e681fd70582175b77bc45
                                                                • Opcode Fuzzy Hash: 06e408feea88f4fa5bbf8880914eb6697307b1059d5c84f9f3493ba60dd80eca
                                                                • Instruction Fuzzy Hash: 30415221B0CA42A1EA20AF26E9C81BBA360FF94754FD10233D65D87694DF7CD659C760

                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2623A
                                                                  • Part of subcall function 00007FF704C25988: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2599C
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2624B
                                                                  • Part of subcall function 00007FF704C25928: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2593C
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2625C
                                                                  • Part of subcall function 00007FF704C25958: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2596C
                                                                  • Part of subcall function 00007FF704C1A574: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A58A
                                                                  • Part of subcall function 00007FF704C1A574: GetLastError.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A594
                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF704C2649C), ref: 00007FF704C26283
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLanguagesLastPreferredRestoreThreadTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 2248164782-239921721
                                                                • Opcode ID: d2e7218d2b32ac445d8d3c687af5ad0aa8287f8229169f051b9e9ef0101c51cb
                                                                • Instruction ID: 785f695de49388f913efb0bc78b5f83631968ce7676923c21df1bc28d47e3279
                                                                • Opcode Fuzzy Hash: d2e7218d2b32ac445d8d3c687af5ad0aa8287f8229169f051b9e9ef0101c51cb
                                                                • Instruction Fuzzy Hash: 80513D32B18652A6E720FF23DEC01BBA661BF88794F844137EA4D43695DF7CE4418760
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:

                                                                Control-flow Graph

                                                                Strings
                                                                Similarity
                                                                • API ID: FileModuleName
                                                                • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-runtime-tmpdir

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc

                                                                Control-flow Graph

                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc

                                                                Control-flow Graph

                                                                APIs
                                                                • GetTempPathW.KERNEL32(?,00000000,FFFFFFFF,00007FF704C02AA6), ref: 00007FF704C06FC4
                                                                • GetCurrentProcessId.KERNEL32(?,00000000,FFFFFFFF,00007FF704C02AA6), ref: 00007FF704C06FCA
                                                                • CreateDirectoryW.KERNELBASE(?,00000000,FFFFFFFF,00007FF704C02AA6), ref: 00007FF704C0700C
                                                                  • Part of subcall function 00007FF704C070F0: GetEnvironmentVariableW.KERNEL32(00007FF704C029B0), ref: 00007FF704C07127
                                                                  • Part of subcall function 00007FF704C070F0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF704C07149
                                                                  • Part of subcall function 00007FF704C18284: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C1829D
                                                                Strings
                                                                Similarity
                                                                • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                • String ID: CreateProcessW$Failed to create child process!

                                                                Control-flow Graph

                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc

                                                                Control-flow Graph

                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF704C1F426,?,?,-00000018,00007FF704C1AD6B,?,?,?,00007FF704C1AC62,?,?,?,00007FF704C1600E), ref: 00007FF704C1F208
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF704C1F426,?,?,-00000018,00007FF704C1AD6B,?,?,?,00007FF704C1AC62,?,?,?,00007FF704C1600E), ref: 00007FF704C1F214
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: api-ms-$ext-ms-

                                                                Control-flow Graph

                                                                APIs
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: a7237f40ba55fbfcfd7203fc6e89763ccd47b5f3d6f0ac254d51dd75cb3de353
                                                                • Instruction ID: 8c568419ea73f87d2157057752a46312b9bc6113f20ad45a1f6ccb21f99ff268
                                                                • Opcode Fuzzy Hash: a7237f40ba55fbfcfd7203fc6e89763ccd47b5f3d6f0ac254d51dd75cb3de353
                                                                • Instruction Fuzzy Hash: 0CC18722A0868661E6506F1798C02BFB771EF82780FD54136DA4E077A5EF7CFC558B20

                                                                Control-flow Graph

                                                                APIs
                                                                Similarity
                                                                • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                • String ID:
                                                                • API String ID: 995526605-0
                                                                • Opcode ID: 8f9891b798483f92caab1560084f17c35a3d2f20a9512cd4f17cf036ff63b230
                                                                • Instruction ID: 9e1930398a997ca537d1ae51d3e84bfad7a1d4b9351e2940d0e0ad8e8d286a43
                                                                • Opcode Fuzzy Hash: 8f9891b798483f92caab1560084f17c35a3d2f20a9512cd4f17cf036ff63b230
                                                                • Instruction Fuzzy Hash: BC212131B0CB4251EB50AF56E9C462FE3A1EF857A0F900636D66D83AE4DFACE4558720

                                                                Control-flow Graph

                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,00007FF704C026F4), ref: 00007FF704C025D1
                                                                  • Part of subcall function 00007FF704C01ED0: GetLastError.KERNEL32 ref: 00007FF704C01EEC
                                                                  • Part of subcall function 00007FF704C01ED0: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF704C025EE,?,00007FF704C026F4), ref: 00007FF704C01F56
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorFileFormatLastMessageModuleName
                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                • API String ID: 1234058594-2863816727
                                                                • Opcode ID: 65b9fcef5ef1d5fe4a0761813f3a61d529644fdc59a7ebe131a5006a953f7c10
                                                                • Instruction ID: 0bbb8e0ea05ac53d1108619ea8cedddd94a14a24f23dd8972d41b65212c4d2b8
                                                                • Opcode Fuzzy Hash: 65b9fcef5ef1d5fe4a0761813f3a61d529644fdc59a7ebe131a5006a953f7c10
                                                                • Instruction Fuzzy Hash: 32215361B18642A1FA20BF26DC9D3BBA251BF58394FC00237E55EC65E5EF6CE5048720

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00007FF704C06DD0: GetCurrentProcess.KERNEL32 ref: 00007FF704C06DF0
                                                                  • Part of subcall function 00007FF704C06DD0: OpenProcessToken.ADVAPI32 ref: 00007FF704C06E03
                                                                  • Part of subcall function 00007FF704C06DD0: GetTokenInformation.KERNELBASE ref: 00007FF704C06E28
                                                                  • Part of subcall function 00007FF704C06DD0: GetLastError.KERNEL32 ref: 00007FF704C06E32
                                                                  • Part of subcall function 00007FF704C06DD0: GetTokenInformation.KERNELBASE ref: 00007FF704C06E72
                                                                  • Part of subcall function 00007FF704C06DD0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF704C06E8E
                                                                  • Part of subcall function 00007FF704C06DD0: CloseHandle.KERNEL32 ref: 00007FF704C06EA6
                                                                • LocalFree.KERNEL32(00000000,00007FF704C02A89), ref: 00007FF704C077BC
                                                                • LocalFree.KERNEL32 ref: 00007FF704C077C5
                                                                Strings
                                                                Similarity
                                                                • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                • API String ID: 6828938-1529539262
                                                                • Opcode ID: 556c69a12eea041b70645f2e07fe6d8c8337e702e53c411469b4cd7cd588f294
                                                                • Instruction ID: a999881e79e10b0be9bb96e9fe191860ff0b0808a06bf65fb7d06026ddf8b8c9
                                                                • Opcode Fuzzy Hash: 556c69a12eea041b70645f2e07fe6d8c8337e702e53c411469b4cd7cd588f294
                                                                • Instruction Fuzzy Hash: 70214131A08742A1F614BF12ED993EBA261EF94780FC44037EA4D93796DF7DE84587A0
                                                                APIs
                                                                • CreateDirectoryW.KERNELBASE(00000000,?,00007FF704C0240C,?,?,00007FF704C02BD3), ref: 00007FF704C068C2
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateDirectory
                                                                • String ID: %.*s$%s%c$\
                                                                • API String ID: 4241100979-1685191245
                                                                • Opcode ID: d2cc5cc4e3729b854815d16a88e1e58836d9ed8a05899cce8d8ad2b010cc0ecc
                                                                • Instruction ID: 50b9c480ebcb9ef6a7c25e9564aa67bdd56357bd9d628318c334349dc1af855e
                                                                • Opcode Fuzzy Hash: d2cc5cc4e3729b854815d16a88e1e58836d9ed8a05899cce8d8ad2b010cc0ecc
                                                                • Instruction Fuzzy Hash: 4331C721B19AC565EA31AF16EC943EBA254EF44BE0F840332EE5D877C5EF2CD6458710
                                                                APIs
                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF704C1D05B), ref: 00007FF704C1D18C
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF704C1D05B), ref: 00007FF704C1D217
                                                                Similarity
                                                                • API ID: ConsoleErrorLastMode
                                                                • String ID:
                                                                • API String ID: 953036326-0
                                                                • Opcode ID: b8176ab0cd2342035d827acca107fdd4b2b6aaa1559c88639dfb2f89f9c6514b
                                                                • Instruction ID: 101c98756ce4233f92a89d0adcdbc4b5eb5e7b7c4e3dab7bafdf8d37bf60ce1d
                                                                • Opcode Fuzzy Hash: b8176ab0cd2342035d827acca107fdd4b2b6aaa1559c88639dfb2f89f9c6514b
                                                                • Instruction Fuzzy Hash: 5791A572A18651A5F750AF6698C027EABB0AF46788F94413ADE0F577A4CF7CE442C720
                                                                APIs
                                                                Similarity
                                                                • API ID: _get_daylight$_isindst
                                                                • String ID:
                                                                • API String ID: 4170891091-0
                                                                • Opcode ID: 4858f8cd19caa2a963f97c62f7cf419c6ccc0f2ddde666d924458c87d99ac7a2
                                                                • Instruction ID: e5dbe38f9afca3335b35fccf10a12fe86afc1411b6bdbd4bec67c38100005161
                                                                • Opcode Fuzzy Hash: 4858f8cd19caa2a963f97c62f7cf419c6ccc0f2ddde666d924458c87d99ac7a2
                                                                • Instruction Fuzzy Hash: 9C51E772F0411256EB14EF25DDD56BEA7B16F46358F90013BDD1E52BE5DB38E402C610
                                                                APIs
                                                                Similarity
                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                • String ID:
                                                                • API String ID: 2780335769-0
                                                                • Opcode ID: 1fe8b629e13490cc55bf597282d2ffe94226c1235e63fb07a40727d64ec3cf1e
                                                                • Instruction ID: d01b7a9188c51f135ce3e6a32799ae025f9cbf4a5fe74b76cd2b1bb83e03bb2f
                                                                • Opcode Fuzzy Hash: 1fe8b629e13490cc55bf597282d2ffe94226c1235e63fb07a40727d64ec3cf1e
                                                                • Instruction Fuzzy Hash: 7F51C022E04641AAF710EF72D8803BEA3B1AF89B58F904136DE0D57798DF7CD4428761
                                                                APIs
                                                                Similarity
                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 1279662727-0
                                                                • Opcode ID: dd7eac1057e584b1087a132c8893c35ef1df72ce863294a3bcebda750911c608
                                                                • Instruction ID: f4b8549006c391c617fc85526d8cf131762757549ab1cb9223d732d341b43865
                                                                • Opcode Fuzzy Hash: dd7eac1057e584b1087a132c8893c35ef1df72ce863294a3bcebda750911c608
                                                                • Instruction Fuzzy Hash: 4A41A622D18742A3E250AF22D98137AA370FF967A4F508336E65D03BE5DF6CA4A08750
                                                                APIs
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: 2c24119f787965044d627fb85e1f935b4d689670476c95a23688f33a408cf2b4
                                                                • Instruction ID: c33b39266387cf41b40824c09f3807b4aa297e2565afac7891ff4856891a1b2f
                                                                • Opcode Fuzzy Hash: 2c24119f787965044d627fb85e1f935b4d689670476c95a23688f33a408cf2b4
                                                                • Instruction Fuzzy Hash: 84D09254B0860662EB58BF739DE50BE92625F5AB01F90153BC90F163B3DF7DA84D8321
                                                                APIs
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 1236291503-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileHandleType
                                                                • String ID:
                                                                • API String ID: 3000768030-0
                                                                APIs
                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF704C1A9ED,?,?,00000000,00007FF704C1AAA2), ref: 00007FF704C1ABDE
                                                                • GetLastError.KERNEL32(?,?,?,00007FF704C1A9ED,?,?,00000000,00007FF704C1AAA2), ref: 00007FF704C1ABE8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ChangeCloseErrorFindLastNotification
                                                                • String ID:
                                                                • API String ID: 1687624791-0
                                                                APIs
                                                                • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF704C1C224,?,?,?,00000000,?,00007FF704C1C32D), ref: 00007FF704C1C284
                                                                • GetLastError.KERNEL32(?,?,?,?,?,00007FF704C1C224,?,?,?,00000000,?,00007FF704C1C32D), ref: 00007FF704C1C28E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastPointer
                                                                • String ID:
                                                                • API String ID: 2976181284-0
                                                                APIs
                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF704C15905), ref: 00007FF704C15A23
                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF704C15905), ref: 00007FF704C15A39
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Time$System$FileLocalSpecific
                                                                • String ID:
                                                                • API String ID: 1707611234-0
                                                                APIs
                                                                • RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A58A
                                                                • GetLastError.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A594
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                • String ID:
                                                                • API String ID: 588628887-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID:
                                                                • API String ID: 840049012-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                • String ID:
                                                                • API String ID: 3947729631-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 94cde1b0722b00ce3a89043d06a8f6ad091ac7731aa2d118b4c7a57a40d7012b
                                                                • Instruction ID: 4067dce0f1c8ff2df203918aa0b0ed1de9b80dc63ffc4f3ba9ece2541553e828
                                                                • Opcode Fuzzy Hash: 94cde1b0722b00ce3a89043d06a8f6ad091ac7731aa2d118b4c7a57a40d7012b
                                                                • Instruction Fuzzy Hash: 4B01C821A0874151E904FF539D4007AEAA1BF8AFE0F888632DE6C57BD6DF3CD4018710
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF704C1B33A,?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2), ref: 00007FF704C1F069
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: 13c3c22db1661b05f673f30e797758779fd860c56a628e09e4eda6517155e894
                                                                • Instruction ID: da5d1a8ce36005b156e9889956a054d024ab8e03f7f5ff6cba2709791fa96635
                                                                • Opcode Fuzzy Hash: 13c3c22db1661b05f673f30e797758779fd860c56a628e09e4eda6517155e894
                                                                • Instruction Fuzzy Hash: DFF04F54B0920761FE547F639DD02B792A11F9A780F88853A8A0E467B1EF5CE4814230
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,?,?,00007FF704C1D83D,?,?,?,00007FF704C1130F), ref: 00007FF704C1D912
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: ed43cc8fef10e4de0f6b38702312381f943abf623902b3a88b5f27f9598a1dfd
                                                                • Instruction ID: 33cf6c2fdc85e9d82d1747197c0a264db6fc5e873120406fc731886949d0dee7
                                                                • Opcode Fuzzy Hash: ed43cc8fef10e4de0f6b38702312381f943abf623902b3a88b5f27f9598a1dfd
                                                                • Instruction Fuzzy Hash: A7F03A02A0C20661FE543EA39D8037792A05F577B0F884632DD2F463E1DF6CF4408230
                                                                APIs
                                                                • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF704C0B540
                                                                  • Part of subcall function 00007FF704C0BF68: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF704C0BF70
                                                                  • Part of subcall function 00007FF704C0BF68: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF704C0BF75
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                • String ID:
                                                                • API String ID: 1208906642-0
                                                                • Opcode ID: 42f905f2e02464d1f18fe0bfc90ee21d32569e03344996040c3241f949aa798e
                                                                • Instruction ID: f36c0b34015f6a60cd2ce46790dbb18d41c816dc893120ffe91898af015c638a
                                                                • Opcode Fuzzy Hash: 42f905f2e02464d1f18fe0bfc90ee21d32569e03344996040c3241f949aa798e
                                                                • Instruction Fuzzy Hash: 7DE07E54D0D243B1FD58BEA31DDA2BB82441F22304EC010BBD90D821D3AF4EB8462531
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AddressProc
                                                                • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                • API String ID: 190572456-3427451314
                                                                • Opcode ID: da50994291d5d7417a1c3587fda7f6ee83bafe1361d694791fd4061e6410b693
                                                                • Instruction ID: 7fe959f6accf095bce8f2e6a75cd15345956e423c089aedc6d32909a892ac0d0
                                                                • Opcode Fuzzy Hash: da50994291d5d7417a1c3587fda7f6ee83bafe1361d694791fd4061e6410b693
                                                                • Instruction Fuzzy Hash: 31E1A664A09B03B0FA19EF46EED46B6E2A5AF48745FD41437C80E62365EFBCB5148270
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 808467561-2761157908
                                                                • Opcode ID: 6a73d64f3957e79f4831cfdc60d77cefc3706dcd898f99a703ecbe0e680df747
                                                                • Instruction ID: f364e31c65b7f90c4e912d3b584763ed27ed610cedd2acd82b3ec7a36ebf390a
                                                                • Opcode Fuzzy Hash: 6a73d64f3957e79f4831cfdc60d77cefc3706dcd898f99a703ecbe0e680df747
                                                                • Instruction Fuzzy Hash: 34B2FD72E18282ABE725DF66DA807FEB7A1FF44744F805136DA0D57A84DFB8A500CB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                • API String ID: 0-2665694366
                                                                • Opcode ID: 19919c9233c94dbecffabbbafd0da1bd8fe3cdfb3e337fb472f57dc76b8b5787
                                                                • Instruction ID: 8c63cf96067dae629407407d0a35da67102be7d5a2f820d6223388fc202de7f9
                                                                • Opcode Fuzzy Hash: 19919c9233c94dbecffabbbafd0da1bd8fe3cdfb3e337fb472f57dc76b8b5787
                                                                • Instruction Fuzzy Hash: 2B52F5B2A146A69BD7A49F16D89CB7F7BA9FF44340F41413AE64A83781DB3CD844CB10
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 3140674995-0
                                                                • Opcode ID: 9b54a456cca8644e9267c01a8084384299a419a9074f18b847f9bd6aac1e9b99
                                                                • Instruction ID: 04fd11b5b04037535e5ac0f0ae9ccfb3250ae668ee39d7ef1dd7e691ac1aaaed
                                                                • Opcode Fuzzy Hash: 9b54a456cca8644e9267c01a8084384299a419a9074f18b847f9bd6aac1e9b99
                                                                • Instruction Fuzzy Hash: 67315C76608B8196EB60EF61E8803EEB360FB84744F84403ADB4E57B94EF78D548C720
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 1239891234-0
                                                                • Opcode ID: 61c5fe9d8ddf1a91b68eaaf79b4512adc479ec4e583f3c08dd1815cc8eca3973
                                                                • Instruction ID: df62f31e96d9237e218bff1011e02530c757f8f5f7845cc948e51a558d245bd5
                                                                • Opcode Fuzzy Hash: 61c5fe9d8ddf1a91b68eaaf79b4512adc479ec4e583f3c08dd1815cc8eca3973
                                                                • Instruction Fuzzy Hash: 80316F36608B8196EB60DF26EC802AEB3A4FF89754F940136EA8D43B64DF3DD555CB10
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 2227656907-0
                                                                • Opcode ID: 68d9696b78b2b04cbfbbadcaa10e7e272669cffb8f398423c6303c310c021837
                                                                • Instruction ID: 67e0f90ff3a0a1ea5bb89e3d2372f416db2923a210336b40afe76ee38ca877f0
                                                                • Opcode Fuzzy Hash: 68d9696b78b2b04cbfbbadcaa10e7e272669cffb8f398423c6303c310c021837
                                                                • Instruction Fuzzy Hash: 33B1C422B1868291EA61EF23DE841BBE261FF45BD4F884133EA5D07B95DFBCE4418310
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFormatLastMessage
                                                                • String ID: %ls: %ls$<FormatMessageW failed.>
                                                                • API String ID: 3479602957-1483686772
                                                                • Opcode ID: dfb41b6bca575f417ea75a48261e7533a71cf37c967872dfe92092f08ec333e5
                                                                • Instruction ID: f0a58a6062a5c3a30d6d13a8ba3710a891fdd56b65375c9e12f4be9cf66b2990
                                                                • Opcode Fuzzy Hash: dfb41b6bca575f417ea75a48261e7533a71cf37c967872dfe92092f08ec333e5
                                                                • Instruction Fuzzy Hash: E5119162A08781A1F320AF13FD457ABA660BF897C4F840136EE8D47765DF7CD5458790
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 8a4a7c5325b633a925f5c4d5ed43519da64e7124304d0c27a96c3dbccc833fe3
                                                                • Instruction ID: 40c814b47deadcb83c958e4b4cdfc606d0c47330074912fd97b5a5cc686a65d3
                                                                • Opcode Fuzzy Hash: 8a4a7c5325b633a925f5c4d5ed43519da64e7124304d0c27a96c3dbccc833fe3
                                                                • Instruction Fuzzy Hash: F8114826B14B019AEB00DF65EC852A973A4FF18B58F840E36DA6D827A4DF78E1548390
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: memcpy_s
                                                                • String ID:
                                                                • API String ID: 1502251526-0
                                                                • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                • Instruction ID: f32000576bbdecf10400edc04e67eed75c2a66d387134924778d8f03eafdf8be
                                                                • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                • Instruction Fuzzy Hash: A8C11572B1868697E728DF1AE58466BF7A1FB94788F809136DB4E53744DB7CE800CB04
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $header crc mismatch$unknown header flags set
                                                                • API String ID: 0-1127688429
                                                                • Opcode ID: ec936d166140e8da51e643a4531226a3b40fe54f705dd7d388a52184c5939a5f
                                                                • Instruction ID: 7f66b4f63ac9060096bd555392c17ff131c2bd71567bd5698374cfa3ebfa0ccc
                                                                • Opcode Fuzzy Hash: ec936d166140e8da51e643a4531226a3b40fe54f705dd7d388a52184c5939a5f
                                                                • Instruction Fuzzy Hash: 6FF1C572A083C56BE795AF16C8CCB3BBAA9FF44744F45853ADA4987391CB38D440C760
                                                                APIs
                                                                Similarity
                                                                • API ID: ExceptionRaise_clrfp
                                                                • String ID:
                                                                • API String ID: 15204871-0
                                                                • Opcode ID: 592aaa1d1e24c0ca7062a383ac7c08c3456e3625a81473f514852d4ab39e7f2b
                                                                • Instruction ID: a4edd527376add6490122706038111d3c3b497702be150a6da3f0fc59237e353
                                                                • Opcode Fuzzy Hash: 592aaa1d1e24c0ca7062a383ac7c08c3456e3625a81473f514852d4ab39e7f2b
                                                                • Instruction Fuzzy Hash: B7B190B3604B848BE715DF2AC98636D7BE0FB84B48F548922DB5D837A4CB79D451C710
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $
                                                                • API String ID: 0-227171996
                                                                • Opcode ID: 4206eb6757f2f30fe17398c19963b784f783257c512c01761c64f214e9c1497b
                                                                • Instruction ID: 7aaa7bbe042f2fbbf8f28d1d38c31fc5cef6a963080588e9978242d5388af7d5
                                                                • Opcode Fuzzy Hash: 4206eb6757f2f30fe17398c19963b784f783257c512c01761c64f214e9c1497b
                                                                • Instruction Fuzzy Hash: 93E18472A0868691FB68AE26899013EA3B0FF46B4CF945137DE4E077B4DF29D851C760
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: incorrect header check$invalid window size
                                                                • API String ID: 0-900081337
                                                                • Opcode ID: 2ace5609b525119006861535f088e36343376fe54f431f018f35809291a9f140
                                                                • Instruction ID: b8c30f858541bc66d6c534681c86360bc97e4aa9b9378784d29e023833d1383d
                                                                • Opcode Fuzzy Hash: 2ace5609b525119006861535f088e36343376fe54f431f018f35809291a9f140
                                                                • Instruction Fuzzy Hash: CF91A972A183C697E7A4AF15D8CCB3F7AA9FF45354F51813ADA4A86780CB39E540CB10
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: e+000$gfff
                                                                • API String ID: 0-3030954782
                                                                • Opcode ID: 1a606224f95ff019e49c69da0b246c648176fccdedc8a9ba9f88329446dd12d1
                                                                • Instruction ID: 009407016ad26a24dd9c03ba2157b8db3d714c1f4ee491da163f203eb3b125e2
                                                                • Opcode Fuzzy Hash: 1a606224f95ff019e49c69da0b246c648176fccdedc8a9ba9f88329446dd12d1
                                                                • Instruction Fuzzy Hash: F7517C62B186C196E7249E36DC9076AF7A1EB45B90F889232CF9C87BE1CF3DD4408710
                                                                Similarity
                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                • String ID:
                                                                • API String ID: 1010374628-0
                                                                • Opcode ID: cfe186765fd99fa3ec96a97d0dd1cc61422cc7455a336e2421977b9f05b5ad27
                                                                • Instruction ID: 8b18ca9c0d73ab55f58e6ac25f3c4d5420e74de645c5b70d2d59a09fe7bb7a4e
                                                                • Opcode Fuzzy Hash: cfe186765fd99fa3ec96a97d0dd1cc61422cc7455a336e2421977b9f05b5ad27
                                                                • Instruction Fuzzy Hash: D7028221A0E64261FA55BF53DEC027BA6916F42BA0FC84637DE5D563E2DFBDE4018320
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: gfffffff
                                                                • API String ID: 0-1523873471
                                                                • Opcode ID: 941045972006b9d0f1b3cc48f5e6a6d4cb79917f60820071d235da011363fb5d
                                                                • Instruction ID: 9747fe5d1e261ad1d78a29c57c44dced0c94189b079ee8851b3d0fd6d33e74bd
                                                                • Opcode Fuzzy Hash: 941045972006b9d0f1b3cc48f5e6a6d4cb79917f60820071d235da011363fb5d
                                                                • Instruction Fuzzy Hash: 2FA16962B087C646EB21DF2698807ABBBA1EF52B84F448133DE4E477A5DB3DE501C711
                                                                Strings
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: TMP
                                                                • API String ID: 3215553584-3125297090
                                                                • Opcode ID: 63fbde5e6ac14910810537c58a37d506e670242249e961798800c3dd729a4cd2
                                                                • Instruction ID: c55e9db8ba02fe615ee549aae676c92a4cfae0719661cd237a7d45a14728dbd4
                                                                • Opcode Fuzzy Hash: 63fbde5e6ac14910810537c58a37d506e670242249e961798800c3dd729a4cd2
                                                                • Instruction Fuzzy Hash: 11517B11B0C65261FA68BE279D8117BD2A06F86BC4FC84536DE0D577E6EF3CE4528230
                                                                APIs
                                                                Similarity
                                                                • API ID: HeapProcess
                                                                • String ID:
                                                                • API String ID: 54951025-0
                                                                • Opcode ID: 9789172150413948e0b28418eec1c8a8ccf4190bb03978cfddeadbc209c5a328
                                                                • Instruction ID: 27075b0b6bf54507fc92c90e880eacc3c9d7a9462ed2e00ffa292473181d97c9
                                                                • Opcode Fuzzy Hash: 9789172150413948e0b28418eec1c8a8ccf4190bb03978cfddeadbc209c5a328
                                                                • Instruction Fuzzy Hash: 0AB09220F0BA06E2EA183F12ADC222A62A57F88B10FE4403AC00C41320DF7C20A58724
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2358e72589b6b3377ab2bad04af7216ee3f8f759d040d1f797c8fb69fb0f14ee
                                                                • Instruction ID: a179d0078512684474a3728c9872f967bc85de142e8aeba6b50acaea40c299eb
                                                                • Opcode Fuzzy Hash: 2358e72589b6b3377ab2bad04af7216ee3f8f759d040d1f797c8fb69fb0f14ee
                                                                • Instruction Fuzzy Hash: 05E19326A08282A1FA69AE1789C413BA771FF47B4CF944136CE0E477B5CF39E855C760
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a7343539c04ac9af6cdeac4bc6219f2c589e776346b6eb75cb976f653d0c459b
                                                                • Instruction ID: 0bb3fdd7567af0f0ac70607275283d1209d625e2385414d15bf3e1c216c994dd
                                                                • Opcode Fuzzy Hash: a7343539c04ac9af6cdeac4bc6219f2c589e776346b6eb75cb976f653d0c459b
                                                                • Instruction Fuzzy Hash: 10E1C43AA0864295F764AE2A89D437AA7B1EF47754F944277CE0D273F5CF29E841C320
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cca83ff74b263ce5c295529228f557388dca03720ded2e523bfa844f5f5f9ddc
                                                                • Instruction ID: 7e9e4881d74cf760a23dbcb6faad702f4ca941b0e292003e43058ee16c5e676d
                                                                • Opcode Fuzzy Hash: cca83ff74b263ce5c295529228f557388dca03720ded2e523bfa844f5f5f9ddc
                                                                • Instruction Fuzzy Hash: 23D1C52AA0864295EB68AE2788D027FA7B0EF46B48F944177CE0D577F5CF39D851C360
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                Similarity
                                                                • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                • String ID:
                                                                • API String ID: 588628887-0
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5fbf2b8d2d826e568a869ab6bdb6ddabbcfa6ae68d1c00615c4c18dff71faf79
                                                                • Instruction ID: bb4f8f4683a5b4bfed80c31e4d89312db3ac3141df3015f46a3580b13e813805
                                                                • Opcode Fuzzy Hash: 5fbf2b8d2d826e568a869ab6bdb6ddabbcfa6ae68d1c00615c4c18dff71faf79
                                                                • Instruction Fuzzy Hash: 1DA0012591884AE0E654EF42ED95126A220BF54300B800032D20E914A0AF6CB8408260
                                                                APIs
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04310
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04351
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04376
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C0439B
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C043C3
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C043EB
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04413
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C0443B
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04463
                                                                Strings
                                                                Similarity
                                                                • API ID: AddressProc
                                                                • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                • API String ID: 190572456-2007157414
                                                                APIs
                                                                  • Part of subcall function 00007FF704C07AA0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF704C031F4,00000000,00007FF704C01905), ref: 00007FF704C07AD9
                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF704C06F77,?,00000000,FFFFFFFF,00007FF704C02AA6), ref: 00007FF704C06AAC
                                                                Strings
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                • API String ID: 2001182103-930877121
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: -$:$f$p$p
                                                                • API String ID: 3215553584-2013873522
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: f$f$p$p$f
                                                                • API String ID: 3215553584-1325933183
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2050909247-3659356012
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2050909247-3659356012
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 849930591-393685449
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C42D
                                                                • GetLastError.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C43B
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C465
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C4D3
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C4DF
                                                                Strings
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                • String ID: api-ms-
                                                                • API String ID: 2559590344-2084034818
                                                                APIs
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                • String ID: CONOUT$
                                                                • API String ID: 3230265001-3130406586
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF704C02C4F), ref: 00007FF704C074FD
                                                                • K32EnumProcessModules.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C0755A
                                                                  • Part of subcall function 00007FF704C07AA0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF704C031F4,00000000,00007FF704C01905), ref: 00007FF704C07AD9
                                                                • K32GetModuleFileNameExW.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C075E5
                                                                • K32GetModuleFileNameExW.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C07644
                                                                • FreeLibrary.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C07655
                                                                • FreeLibrary.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C0766A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                • String ID:
                                                                • API String ID: 3462794448-0
                                                                • Opcode ID: 03b7074d898f978953d4d1084a470d0e05b12668f520811b20350f06d8902ea3
                                                                • Instruction ID: c6d180518a99418101aff89c4f95b0a97a06288ddbdcc3bea93eaa838c4c6762
                                                                • Opcode Fuzzy Hash: 03b7074d898f978953d4d1084a470d0e05b12668f520811b20350f06d8902ea3
                                                                • Instruction Fuzzy Hash: 6541B372A1A68251EA34BF17A9886ABA394FF44BC0F844136DF4D97799DF3CE500C720
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B2E7
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B31D
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B34A
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B35B
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B36C
                                                                • SetLastError.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B387
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: 8ab75262f85b51963af53b9744d216e70e5416ae876e9cef209bcb8e7209323b
                                                                • Instruction ID: 85439d2a1ac166a7e7f7fc9016c79f0fe866e3cfa8cc1a11544f72dfe0fbe88e
                                                                • Opcode Fuzzy Hash: 8ab75262f85b51963af53b9744d216e70e5416ae876e9cef209bcb8e7209323b
                                                                • Instruction Fuzzy Hash: 1A115024E0C64262FA14BF239ED113FE1624F467A0FC4073AE92E567E6EF2CF8114620
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: 74180e4fa832d38856561e4d839db25a4cf7d44bb16d70be9d308bd11a404090
                                                                • Instruction ID: ffb2e8ca21b7b93e1355f2e29ec8338bac4e06ac2f43145ca5cbe4219c15eb0a
                                                                • Opcode Fuzzy Hash: 74180e4fa832d38856561e4d839db25a4cf7d44bb16d70be9d308bd11a404090
                                                                • Instruction Fuzzy Hash: 26F0AF61A08602A1EA20AF26EC9473BA320BF49765F900236C96E462F4CF7CD108C360
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _set_statfp
                                                                • String ID:
                                                                • API String ID: 1156100317-0
                                                                • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                • Instruction ID: 1c0ba80f9c81d413e23cf8c0aa1fa79653d80d0de3e420c60afe8e16ff3710f9
                                                                • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                • Instruction Fuzzy Hash: 4E1190B2F18A0321F6943D66EED537781407F95BA0F980636E96E062E68FBC68414120
                                                                APIs
                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B3BF
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B3DE
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B406
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B417
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B428
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                • Opcode ID: efefa3244719db5ffbc0797f46da7cd3d4accbf2d464c2c4e5502cfb49714c95
                                                                • Instruction ID: 56d77ac17c9175ac140e14d3117f92b17ebab33c2683664310f1cba077171611
                                                                • Opcode Fuzzy Hash: efefa3244719db5ffbc0797f46da7cd3d4accbf2d464c2c4e5502cfb49714c95
                                                                • Instruction Fuzzy Hash: A3116020E0C60261F954BF23ADD117BE1615F463A0FC4473BEA2E567E6EF2CF8028620
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                • Opcode ID: 8e9eccaea017f77f04f15656feaf70c713c43e60222aac1749c685c0d7e82489
                                                                • Instruction ID: 2ce1dea6fe2ba21f6d6f642fc44148aef163dbf03862e6f662eec7ae294b5bbb
                                                                • Opcode Fuzzy Hash: 8e9eccaea017f77f04f15656feaf70c713c43e60222aac1749c685c0d7e82489
                                                                • Instruction Fuzzy Hash: D211C514E0D20761F958BA635DE157B92614F47360FD40B3AD92E1A3F2EF2DB8059A20
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: verbose
                                                                • API String ID: 3215553584-579935070
                                                                • Opcode ID: d610ef641c588f277c108bde4856d5b42c6a1526a9b3408ef7dc71a8c1851c95
                                                                • Instruction ID: bc032c641c65f0c83a368cc081f4d0bcf87cd8556b020938d02ddc62efc84663
                                                                • Opcode Fuzzy Hash: d610ef641c588f277c108bde4856d5b42c6a1526a9b3408ef7dc71a8c1851c95
                                                                • Instruction Fuzzy Hash: 3E91A122B08A4692F721AE26D89037EB6B1AF46B94FD44137DA5A473E5DF3CE4458320
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                • API String ID: 3215553584-1196891531
                                                                • Opcode ID: 2a6abe9d3ebc046f6c8623f50389ac56c58ca4fd7f9c577c93c606ec2c1639a6
                                                                • Instruction ID: 22300f7571e8ba59aeb78f4e289266264e18ef954f73eac362a47f9562988d37
                                                                • Opcode Fuzzy Hash: 2a6abe9d3ebc046f6c8623f50389ac56c58ca4fd7f9c577c93c606ec2c1639a6
                                                                • Instruction Fuzzy Hash: D881D635D08212A9F7646F2BDFD027AE6A0AF11B48FD55037CB0967295CBBCE5019321
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 2395640692-1018135373
                                                                • Opcode ID: 627e2886ea4909029de1e6aee41716b715171f1193883d49ddb7c83e540dd8b9
                                                                • Instruction ID: 7779856fe04ed3c36b070cf17fc30e8d22ffba50920e4d84972dd22fb77879c5
                                                                • Opcode Fuzzy Hash: 627e2886ea4909029de1e6aee41716b715171f1193883d49ddb7c83e540dd8b9
                                                                • Instruction Fuzzy Hash: B751D535B19602AADB14EF56D888A7AB391EF44B88F844132EA5D87748EF7CFC41C710
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 3544855599-2084237596
                                                                • Opcode ID: cc3e5af3579310c0f15044b16b4c065b5d98d02129ef80afc6ac9937df3d6924
                                                                • Instruction ID: 12887b0fa3b60ba45a564333cc01fa321973df1bb0671d172c8024476a2661f9
                                                                • Opcode Fuzzy Hash: cc3e5af3579310c0f15044b16b4c065b5d98d02129ef80afc6ac9937df3d6924
                                                                • Instruction Fuzzy Hash: F4618172908B8591D7609F56E8843AAB7A0FB84B84F444226EB9D43B99CF7CD194CB10
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3896166516-3733052814
                                                                • Opcode ID: c0a76f74c02f5f9c08219b48ec89f4fd38640c03acd471a6f2cd3cbd44defde3
                                                                • Instruction ID: fee1244b3296d18c12aacade50fb97f3c5871744efcb43c263b8ca56dc371184
                                                                • Opcode Fuzzy Hash: c0a76f74c02f5f9c08219b48ec89f4fd38640c03acd471a6f2cd3cbd44defde3
                                                                • Instruction Fuzzy Hash: E151B132508342AAEB74AF93988837AB790EF54B94F945237DA4E83795CF3CE550CB10
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                • String ID:
                                                                • API String ID: 2718003287-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Window$Process$ConsoleCurrentShowThread
                                                                • String ID:
                                                                • API String ID: 242035731-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Window$Process$ConsoleCurrentShowThread
                                                                • String ID:
                                                                • API String ID: 242035731-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                • String ID: ?
                                                                • API String ID: 1286766494-1684325040
                                                                APIs
                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C1909A
                                                                  • Part of subcall function 00007FF704C1A574: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A58A
                                                                  • Part of subcall function 00007FF704C1A574: GetLastError.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A594
                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF704C0B2B5), ref: 00007FF704C190B8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLanguagesLastModuleNamePreferredRestoreThread_invalid_parameter_noinfo
                                                                • String ID: C:\Users\user\Desktop\rQTI6IKszT.exe
                                                                • API String ID: 2553983749-1571259150
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                • String ID: .$:
                                                                • API String ID: 2020911589-4202072812
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: U
                                                                • API String ID: 442123175-4171548499
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory
                                                                • String ID: :
                                                                • API String ID: 1611563598-336475711
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1735951923.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000000.00000002.1735926105.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1735989333.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736022021.00007FF704C45000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1736080692.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                • String ID: :
                                                                • API String ID: 2595371189-336475711

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Dict_String$Item$ReadyType_$AddressProc$DeallocFrom$D@@@Err_Object_ReferenceU_object@@$HandleModuleModule_$Create2LongLong_$ClearDictEnsure@@ExceptionGlobals_LibraryLoadMaskObjectOccurredSys_Unsigned
                                                                • API String ID: 1000972437-3953899047
                                                                • Opcode ID: 32bd143a4540e0aac1764720208dbd89c65932e9ec492a27a46a1840abf16d7d
                                                                • Instruction ID: 85811d1d1762102b6b63bd83e3d689ee9d4def359f00411286dbac2c79c98684
                                                                • Opcode Fuzzy Hash: 32bd143a4540e0aac1764720208dbd89c65932e9ec492a27a46a1840abf16d7d
                                                                • Instruction Fuzzy Hash: BBD2F867F18B4350FB14AB16A871AB91321AF46BA0F886235C83F4A6DEDF7DE105C744

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_Eval_Object_Thread$D@@@InstanceRestoreSaveStringU_object@@$Dealloc$Arg_ClearCreateDict_FormatFromItemOccurredParseSizeSubclassTuple_
                                                                • String ID: OOiO:CoCreateInstance$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                • API String ID: 1341742694-835438780
                                                                • Opcode ID: cec569e6556e277e9742b7256b508f7b1fdf824d5307de5a095c6011a441b966
                                                                • Instruction ID: 588cb6798457ad5425c4e57c243b1f7c4dac274f5044d8cc7b9153b42fdfb941
                                                                • Opcode Fuzzy Hash: cec569e6556e277e9742b7256b508f7b1fdf824d5307de5a095c6011a441b966
                                                                • Instruction Fuzzy Hash: E0C1F967F08B4281FB159B26E8609B963A1BF84B84F544236CA7E5B6ACDF7CE405C700

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                • Associated: 00000002.00000002.1732706587.00007FFDFF240000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732736471.00007FFDFF2C2000.00000020.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732859485.00007FFDFF2EC000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                • API String ID: 234229340-1080266419
                                                                • Opcode ID: a85317bcf1e3dd943ddaaa58e8500dd1fdc06cb60adce51610fef9f1495ee99f
                                                                • Instruction ID: e58c47e17ade09b15b6a4b9a1d61092181155607639665455a963ca16b7f54bd
                                                                • Opcode Fuzzy Hash: a85317bcf1e3dd943ddaaa58e8500dd1fdc06cb60adce51610fef9f1495ee99f
                                                                • Instruction Fuzzy Hash: 43915461B5964394EB41AF69C5A1AB82321EF85F88F485232DF3DCB6DEDF6DE1018310

                                                                Control-flow Graph

                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF704C25FD5
                                                                  • Part of subcall function 00007FF704C25928: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2593C
                                                                  • Part of subcall function 00007FF704C1A574: HeapFree.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A58A
                                                                  • Part of subcall function 00007FF704C1A574: GetLastError.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A594
                                                                  • Part of subcall function 00007FF704C1A954: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF704C1A933,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1A95D
                                                                  • Part of subcall function 00007FF704C1A954: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF704C1A933,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1A982
                                                                • _get_daylight.LIBCMT ref: 00007FF704C25FC4
                                                                  • Part of subcall function 00007FF704C25988: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2599C
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2623A
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2624B
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2625C
                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF704C2649C), ref: 00007FF704C26283
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 4070488512-239921721
                                                                • Opcode ID: 9283cef0635022cc07389bf1168982caad64e3fafe3433b06e29da1bda549ea4
                                                                • Instruction ID: 65af95a1366c700a9e708e71c6e02f54ce418ef745a7001a2b88b31cf2711f07
                                                                • Opcode Fuzzy Hash: 9283cef0635022cc07389bf1168982caad64e3fafe3433b06e29da1bda549ea4
                                                                • Instruction Fuzzy Hash: D7D1A036B0825266EB20BF27DEC01BBA661EF85B94FC44137EA4D47696DF7CE4418360
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                • String ID:
                                                                • API String ID: 1617910340-0
                                                                • Opcode ID: 7e03ef3d0a20c94a2012376284489c35dd0980ac60203fd93d959aa726f203d8
                                                                • Instruction ID: 31a0e1646a91cee4dbd6c6ba70daa49343d73c5be5c976afeb45ee01ca236230
                                                                • Opcode Fuzzy Hash: 7e03ef3d0a20c94a2012376284489c35dd0980ac60203fd93d959aa726f203d8
                                                                • Instruction Fuzzy Hash: 40C1D232B28A4195EB10EFAAC9C16AE7771FB49B98F800236DB1E57394CF78D451C320
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2623A
                                                                  • Part of subcall function 00007FF704C25988: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2599C
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2624B
                                                                  • Part of subcall function 00007FF704C25928: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2593C
                                                                • _get_daylight.LIBCMT ref: 00007FF704C2625C
                                                                  • Part of subcall function 00007FF704C25958: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C2596C
                                                                  • Part of subcall function 00007FF704C1A574: HeapFree.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A58A
                                                                  • Part of subcall function 00007FF704C1A574: GetLastError.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A594
                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF704C2649C), ref: 00007FF704C26283
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 3458911817-239921721
                                                                • Opcode ID: c4d5097cd75f94c8fd8ae5c0a6db21b68cc710d0165bcf2bafe064b9ca7a5653
                                                                • Instruction ID: 785f695de49388f913efb0bc78b5f83631968ce7676923c21df1bc28d47e3279
                                                                • Opcode Fuzzy Hash: c4d5097cd75f94c8fd8ae5c0a6db21b68cc710d0165bcf2bafe064b9ca7a5653
                                                                • Instruction Fuzzy Hash: 80513D32B18652A6E720FF23DEC01BBA661BF88794F844137EA4D43695DF7CE4418760
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                • Opcode ID: 0d24089257937bf4d8f75b282e589f98d2e605d2659b39465ed8206b1681d219
                                                                • Instruction ID: f675d72df6830113387fc1b3234c6aea036cfccb402dab855e03f476c7b4d48e
                                                                • Opcode Fuzzy Hash: 0d24089257937bf4d8f75b282e589f98d2e605d2659b39465ed8206b1681d219
                                                                • Instruction Fuzzy Hash: C6F0A422A1964586F7609F65B8C936BA350BF84324F800336EAAD426D4CF3CE0098A00

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileModuleName
                                                                • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-runtime-tmpdir
                                                                • API String ID: 514040917-560148345
                                                                • Opcode ID: 5b9f2159181f1a082f2b4a06aaaaad3f846118e4fc8bd23205721ca5f8ba40d2
                                                                • Instruction ID: 6d7140bd124989d4c9f00c0aa9b61005717467e968c8d020ff08a1754148462b
                                                                • Opcode Fuzzy Hash: 5b9f2159181f1a082f2b4a06aaaaad3f846118e4fc8bd23205721ca5f8ba40d2
                                                                • Instruction Fuzzy Hash: CE024921A08682B1EA25FF26DDDC2BBA355AF54784FC40073DA4D862D6EF6CE945C370

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                • Associated: 00000002.00000002.1732706587.00007FFDFF240000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732736471.00007FFDFF2C2000.00000020.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732859485.00007FFDFF2EC000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                • API String ID: 1370845099-1722249466
                                                                • Opcode ID: 6f8aa62c0a17cd257a7cac7c3db44b12b48ed95985bfa37342f9ed60703b21dc
                                                                • Instruction ID: ec64abce0b5ec4b9e9c7b2a4e6245847d03c5d5a791b8a19296fb9017bc2abed
                                                                • Opcode Fuzzy Hash: 6f8aa62c0a17cd257a7cac7c3db44b12b48ed95985bfa37342f9ed60703b21dc
                                                                • Instruction Fuzzy Hash: B1A18D71B08A4285F7B49B25C4A1BBC2395EF41B48F544635DA3DC76EECE3CE8819362

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Object_RestoreSave$D@@@Err_U_object@@$ActiveArg_ClearDeallocDict_FromItemObjectParseSizeStringSubclassTuple_
                                                                • String ID: O:Connect$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 410269690-685158464
                                                                • Opcode ID: 1581abbdc9368cb53ca9b8155d00578985b163e8240f86c18158bb9178c51a77
                                                                • Instruction ID: 32819cfd4b74df52de298eeecec2b435952f7a91be596bdec748c39140193c87
                                                                • Opcode Fuzzy Hash: 1581abbdc9368cb53ca9b8155d00578985b163e8240f86c18158bb9178c51a77
                                                                • Instruction Fuzzy Hash: BA512B63F09B8682EB149F16E82096963A1FF88B84F445236DA7E477ACDF7CE505C700

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_$RestoreSaveString$Arg_ClearD@@@DeallocDict_FromItemObject_ParseSizeTuple_U_object@@
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|ii:GetTypeInfo
                                                                • API String ID: 325624285-1333789200
                                                                • Opcode ID: f79160b0f154616c7bfcad535e3b9de0c0f10090d1133959e3e16eeb956b5fc5
                                                                • Instruction ID: 537a32c17c9fdc3e43f1b9d8fb6d249eb5073ac7da01fe8dd161fd71225c2a8c
                                                                • Opcode Fuzzy Hash: f79160b0f154616c7bfcad535e3b9de0c0f10090d1133959e3e16eeb956b5fc5
                                                                • Instruction Fuzzy Hash: 7E513B67F08A4682EB649F16F9609A963A0BB84B84F444236DE7E077ACDF3CE545C740

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                • Associated: 00000002.00000002.1732706587.00007FFDFF240000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732736471.00007FFDFF2C2000.00000020.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732859485.00007FFDFF2EC000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                • API String ID: 2779586248-3767186838
                                                                • Opcode ID: db8201a799e0baeb7e7da45e6d94f051912b60767bec020adcc90b3d0adbc0ec
                                                                • Instruction ID: 7c793b55bafed5d2d524144eb779d0a2ce88ce00706d122bacfccf3b73aed570
                                                                • Opcode Fuzzy Hash: db8201a799e0baeb7e7da45e6d94f051912b60767bec020adcc90b3d0adbc0ec
                                                                • Instruction Fuzzy Hash: B1519E62B1964286E750DB29D461BBD23A0EB85F84F544231EE3DCB7DECF2CE9818700

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                • Associated: 00000002.00000002.1732706587.00007FFDFF240000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732736471.00007FFDFF2C2000.00000020.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732859485.00007FFDFF2EC000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug$ErrorLastO_ctrlO_readO_test_flagsmemmove
                                                                • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
                                                                • API String ID: 3874383451-4226281315
                                                                • Opcode ID: b49a1a3092a1666878fcf2a6f1a6b22ad798a3b357faedcaa6a675de5e77afac
                                                                • Instruction ID: d9d1d481deac0ca252c77ea4d5c378eda9d082bcc75a03d9a94a1752e60e6736
                                                                • Opcode Fuzzy Hash: b49a1a3092a1666878fcf2a6f1a6b22ad798a3b357faedcaa6a675de5e77afac
                                                                • Instruction Fuzzy Hash: D5917C22B5968282FB519F29D464BBD2790EB44B98F548632DE7CC7ACDDF38E445C301

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                • API String ID: 840049012-3497178890
                                                                • Opcode ID: 7cb393bcd3f604cbe177e27fb7169ce782aa35a6575844f65ba791aff1f36e39
                                                                • Instruction ID: a49764e2f35fab0d6dc1021aa1567f43391db36971256e7cb91da49aa1e9d990
                                                                • Opcode Fuzzy Hash: 7cb393bcd3f604cbe177e27fb7169ce782aa35a6575844f65ba791aff1f36e39
                                                                • Instruction Fuzzy Hash: A171B971A08682A5EB50FF16D9D43BBE351EF44780F884037E54D87755EF6DE1448760

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                • Associated: 00000002.00000002.1732706587.00007FFDFF240000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732736471.00007FFDFF2C2000.00000020.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732859485.00007FFDFF2EC000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                • API String ID: 0-3323778802
                                                                • Opcode ID: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
                                                                • Instruction ID: a5eb00fc288d5f6fc837925b0bbd012cd1efba25c0ea9f076f9cdcb378ff1147
                                                                • Opcode Fuzzy Hash: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
                                                                • Instruction Fuzzy Hash: 1F919B72B08A4686EB209B24D4B0BB92390EF41B48F944236DA3DC76DEDF7DE546D310

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                • Associated: 00000002.00000002.1732706587.00007FFDFF240000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732736471.00007FFDFF2C2000.00000020.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732859485.00007FFDFF2EC000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug
                                                                • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                • API String ID: 193678381-552286378
                                                                • Opcode ID: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                • Instruction ID: 5a8824e1aad259ad8538751891bcf360be7b8c7ef7e271261de63df6e61260fa
                                                                • Opcode Fuzzy Hash: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                • Instruction Fuzzy Hash: 7BA1AC32B08A4281EB619B25D4A4BB933A4FB40B48F444236CA7DC36DDDF7CEA45D710

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: GlobalLock@@Win_$AcquireAddressCurrentHandleModuleProcReleaseThread
                                                                • String ID: CoInitializeEx$CoInitializeEx failed (0x%08lx)$ole32.dll
                                                                • API String ID: 2699693448-4213856137
                                                                • Opcode ID: bc4a16d0b63474283f8c068f30b5c81a526fc02ab831e417f010c921f8889efb
                                                                • Instruction ID: 033b6cb56e0ec92df3bee0617ce3c2c80c9d04be61bc20941fd6103538f645f4
                                                                • Opcode Fuzzy Hash: bc4a16d0b63474283f8c068f30b5c81a526fc02ab831e417f010c921f8889efb
                                                                • Instruction Fuzzy Hash: 69215122F0D703C5FB549B66A8B4A3923916F04744F944335C63DD52E8EF7EB498C606

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2050909247-3659356012
                                                                • Opcode ID: 7bad9d630a6791fd8136233bddc4ab7b90314107382c6a2c795c6689d240ecac
                                                                • Instruction ID: b5b40b1fec520bf9e030a314648f306c239ae69f2ea333fbb89e5bd28f346293
                                                                • Opcode Fuzzy Hash: 7bad9d630a6791fd8136233bddc4ab7b90314107382c6a2c795c6689d240ecac
                                                                • Instruction Fuzzy Hash: 28419121A08642A2EA24BF57ED841BBE3A0EF04B90FC84033DE4E47A95EF7DE5418710
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                • API String ID: 2050909247-2813020118
                                                                • Opcode ID: c0e8d667666856315656cad8798b67ead8ce5e68d30eed28dd7e4a4019a64699
                                                                • Instruction ID: 5fc32fee21507786c731fad709839d9b97307365c505fe1fb88fbbf422512c72
                                                                • Opcode Fuzzy Hash: c0e8d667666856315656cad8798b67ead8ce5e68d30eed28dd7e4a4019a64699
                                                                • Instruction Fuzzy Hash: BD51C162A08642A1EA60BF17ECC43BBE291BF84794F884136ED4D87BD5EF3DE5058710
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: f4d4eaa9f9719d9b01c1f0ada3a05cdcadf9cc5c0cd80aa5858acc27961052ac
                                                                • Instruction ID: 8c568419ea73f87d2157057752a46312b9bc6113f20ad45a1f6ccb21f99ff268
                                                                • Opcode Fuzzy Hash: f4d4eaa9f9719d9b01c1f0ada3a05cdcadf9cc5c0cd80aa5858acc27961052ac
                                                                • Instruction Fuzzy Hash: 0CC18722A0868661E6506F1798C02BFB771EF82780FD54136DA4E077A5EF7CFC558B20
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                • Associated: 00000002.00000002.1732706587.00007FFDFF240000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732736471.00007FFDFF2C2000.00000020.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732859485.00007FFDFF2EC000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug
                                                                • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                • API String ID: 193678381-2714770296
                                                                • Opcode ID: 0a675c68133e8178ac648a78a03b7d1437f40432096ecb796daf1537fba5ad51
                                                                • Instruction ID: 213071664139d40cf487b89fcdc929cf263c06e2103b7a209abedd580a53f0ac
                                                                • Opcode Fuzzy Hash: 0a675c68133e8178ac648a78a03b7d1437f40432096ecb796daf1537fba5ad51
                                                                • Instruction Fuzzy Hash: A8616E32B0878289EB61CF25D460BA937A0FB45B48F088236DFADC6799DF38D555C710
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                • Associated: 00000002.00000002.1732706587.00007FFDFF240000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732736471.00007FFDFF2C2000.00000020.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732821099.00007FFDFF2C4000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732859485.00007FFDFF2EC000.00000004.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F1000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2F7000.00000002.00000001.01000000.0000000A.sdmp
                                                                • Associated: 00000002.00000002.1732886059.00007FFDFF2FF000.00000002.00000001.01000000.0000000A.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                • API String ID: 2134390360-2964568172
                                                                • Opcode ID: c91630741219631a69d9c5f3432363629406958cc77146902cc34db31b5e4eda
                                                                • Instruction ID: 9f3809ca8a24eb8a9661e30e73da66aca8250d1556308f4cd2b4e82d4df1550b
                                                                • Opcode Fuzzy Hash: c91630741219631a69d9c5f3432363629406958cc77146902cc34db31b5e4eda
                                                                • Instruction Fuzzy Hash: 08218122B1874682E7409B35E461AAD6361EF89784F584331EE7DD66CEDF2CE6518600
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,00007FF704C026F4), ref: 00007FF704C025D1
                                                                  • Part of subcall function 00007FF704C01ED0: GetLastError.KERNEL32 ref: 00007FF704C01EEC
                                                                  • Part of subcall function 00007FF704C01ED0: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF704C025EE,?,00007FF704C026F4), ref: 00007FF704C01F56
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileFormatLastMessageModuleName
                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                • API String ID: 1234058594-2863816727
                                                                • Opcode ID: 65b9fcef5ef1d5fe4a0761813f3a61d529644fdc59a7ebe131a5006a953f7c10
                                                                • Instruction ID: 0bbb8e0ea05ac53d1108619ea8cedddd94a14a24f23dd8972d41b65212c4d2b8
                                                                • Opcode Fuzzy Hash: 65b9fcef5ef1d5fe4a0761813f3a61d529644fdc59a7ebe131a5006a953f7c10
                                                                • Instruction Fuzzy Hash: 32215361B18642A1FA20BF26DC9D3BBA251BF58394FC00237E55EC65E5EF6CE5048720
                                                                APIs
                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF704C1D05B), ref: 00007FF704C1D18C
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF704C1D05B), ref: 00007FF704C1D217
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ConsoleErrorLastMode
                                                                • String ID:
                                                                • API String ID: 953036326-0
                                                                • Opcode ID: b8176ab0cd2342035d827acca107fdd4b2b6aaa1559c88639dfb2f89f9c6514b
                                                                • Instruction ID: 101c98756ce4233f92a89d0adcdbc4b5eb5e7b7c4e3dab7bafdf8d37bf60ce1d
                                                                • Opcode Fuzzy Hash: b8176ab0cd2342035d827acca107fdd4b2b6aaa1559c88639dfb2f89f9c6514b
                                                                • Instruction Fuzzy Hash: 5791A572A18651A5F750AF6698C027EABB0AF46788F94413ADE0F577A4CF7CE442C720
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_isindst
                                                                • String ID:
                                                                • API String ID: 4170891091-0
                                                                • Opcode ID: 4858f8cd19caa2a963f97c62f7cf419c6ccc0f2ddde666d924458c87d99ac7a2
                                                                • Instruction ID: e5dbe38f9afca3335b35fccf10a12fe86afc1411b6bdbd4bec67c38100005161
                                                                • Opcode Fuzzy Hash: 4858f8cd19caa2a963f97c62f7cf419c6ccc0f2ddde666d924458c87d99ac7a2
                                                                • Instruction Fuzzy Hash: 9C51E772F0411256EB14EF25DDD56BEA7B16F46358F90013BDD1E52BE5DB38E402C610
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                • String ID:
                                                                • API String ID: 2780335769-0
                                                                • Opcode ID: 1fe8b629e13490cc55bf597282d2ffe94226c1235e63fb07a40727d64ec3cf1e
                                                                • Instruction ID: d01b7a9188c51f135ce3e6a32799ae025f9cbf4a5fe74b76cd2b1bb83e03bb2f
                                                                • Opcode Fuzzy Hash: 1fe8b629e13490cc55bf597282d2ffe94226c1235e63fb07a40727d64ec3cf1e
                                                                • Instruction Fuzzy Hash: 7F51C022E04641AAF710EF72D8803BEA3B1AF89B58F904136DE0D57798DF7CD4428761
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 1279662727-0
                                                                • Opcode ID: dd7eac1057e584b1087a132c8893c35ef1df72ce863294a3bcebda750911c608
                                                                • Instruction ID: f4b8549006c391c617fc85526d8cf131762757549ab1cb9223d732d341b43865
                                                                • Opcode Fuzzy Hash: dd7eac1057e584b1087a132c8893c35ef1df72ce863294a3bcebda750911c608
                                                                • Instruction Fuzzy Hash: 4A41A622D18742A3E250AF22D98137AA370FF967A4F508336E65D03BE5DF6CA4A08750
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732736471.00007FFDFF241000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFDFF240000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff240000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastM_freeR_clear_error
                                                                • String ID:
                                                                • API String ID: 1231514297-0
                                                                • Opcode ID: 30f5a756a2453722bd5fc7c60f00636787785f570310c9cdf96fb774af82a049
                                                                • Instruction ID: 16d2ff9907c4eebe1c2efc5c0ed3d466cfe15de647ec3d02152a93853aade48e
                                                                • Opcode Fuzzy Hash: 30f5a756a2453722bd5fc7c60f00636787785f570310c9cdf96fb774af82a049
                                                                • Instruction Fuzzy Hash: FB316132B08A4289F7749E25D4A097D2791EF45B48F184631DE3DC76CDCE3CE8819762
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: 2c24119f787965044d627fb85e1f935b4d689670476c95a23688f33a408cf2b4
                                                                • Instruction ID: c33b39266387cf41b40824c09f3807b4aa297e2565afac7891ff4856891a1b2f
                                                                • Opcode Fuzzy Hash: 2c24119f787965044d627fb85e1f935b4d689670476c95a23688f33a408cf2b4
                                                                • Instruction Fuzzy Hash: 84D09254B0860662EB58BF739DE50BE92625F5AB01F90153BC90F163B3DF7DA84D8321
                                                                APIs
                                                                • GetCurrentProcessId.KERNEL32(?,?,00000000,00007FF704C01AF6), ref: 00007FF704C01E09
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: [%d]
                                                                • API String ID: 2050909247-1705522918
                                                                • Opcode ID: ead01824c7e7486366443ac561305e8d1d4137b69cafcd72cadbd49c7fb0f5c3
                                                                • Instruction ID: c8736a74a0d6fec619de4a5910172cccb56dba50b1e944e3bcf6d126a25b72e7
                                                                • Opcode Fuzzy Hash: ead01824c7e7486366443ac561305e8d1d4137b69cafcd72cadbd49c7fb0f5c3
                                                                • Instruction Fuzzy Hash: 22E06D62A1C745A1E610FF62F8C506BB265FF94380F805036F68D47766DF6CC1A08BA0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 6bf03d38dba950430044e224e6de6b096b3435415f1f736879eee21a3c0d5c6e
                                                                • Instruction ID: ee5fde864736b1734e366c5529e5db56bf7eb43e44d3e2a8b6478772d5086be2
                                                                • Opcode Fuzzy Hash: 6bf03d38dba950430044e224e6de6b096b3435415f1f736879eee21a3c0d5c6e
                                                                • Instruction Fuzzy Hash: B6510A61B0924165F678BE279C8467BE691BF44BA4F848B36DE6D837D5CF3CE401C620
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 1236291503-0
                                                                • Opcode ID: 59deef07c40312847f55d6def9df2cc1f37e1ab7e24cf60098a74783f5463ac3
                                                                • Instruction ID: 656f590481e95b6775b73a56e5f5ac11cd14004f55f08e57c8394f894ca1809c
                                                                • Opcode Fuzzy Hash: 59deef07c40312847f55d6def9df2cc1f37e1ab7e24cf60098a74783f5463ac3
                                                                • Instruction Fuzzy Hash: 39310C11E0C50261EA14FFA79D993BB9251AF45784FC40436EA0D873E7EF6CB905C671
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID:
                                                                • API String ID: 442123175-0
                                                                • Opcode ID: 83b607202d9a0b12fc8e434497799e2c1b1c81123a37f4e98be93d119a9c90fb
                                                                • Instruction ID: 066c03aa81e3a6110709b5f5951abd470ce4df81cb21204e640df99fdd56db32
                                                                • Opcode Fuzzy Hash: 83b607202d9a0b12fc8e434497799e2c1b1c81123a37f4e98be93d119a9c90fb
                                                                • Instruction Fuzzy Hash: 8C31C332A18B81AAD710AF1AE9846AAB7A0FF59780F944033EB8D87764DF3CD455C710
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileHandleType
                                                                • String ID:
                                                                • API String ID: 3000768030-0
                                                                • Opcode ID: 3071b830118634cb40028611ceeffb06fc3458eceab3432db34a7b9b2b67f05b
                                                                • Instruction ID: dd54671275da25a760c62ff259a25583691ee2426f19b952bd2368622be7625f
                                                                • Opcode Fuzzy Hash: 3071b830118634cb40028611ceeffb06fc3458eceab3432db34a7b9b2b67f05b
                                                                • Instruction Fuzzy Hash: 7331A822A58B45A1D7249F1689D0179A760FF46BB0BA41336E76F073F0CF38E461D311
                                                                APIs
                                                                • FindCloseChangeNotification.KERNEL32(?,?,?,00007FF704C1A9ED,?,?,00000000,00007FF704C1AAA2), ref: 00007FF704C1ABDE
                                                                • GetLastError.KERNEL32(?,?,?,00007FF704C1A9ED,?,?,00000000,00007FF704C1AAA2), ref: 00007FF704C1ABE8
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ChangeCloseErrorFindLastNotification
                                                                • String ID:
                                                                • API String ID: 1687624791-0
                                                                • Opcode ID: 8421e8a4af99ada878c6549736f5471f2f7f62c165e76de116515189c6a53e17
                                                                • Instruction ID: 790c92996213d95ea078342722beb94fdd5ad8452e84b93ab7ca021b0a24e6e3
                                                                • Opcode Fuzzy Hash: 8421e8a4af99ada878c6549736f5471f2f7f62c165e76de116515189c6a53e17
                                                                • Instruction Fuzzy Hash: F521D460B0D68221FE507F139DD027F92A29F86BA0F844237EA1E473E6CF7DA4458320
                                                                APIs
                                                                • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF704C1C224,?,?,?,00000000,?,00007FF704C1C32D), ref: 00007FF704C1C284
                                                                • GetLastError.KERNEL32(?,?,?,?,?,00007FF704C1C224,?,?,?,00000000,?,00007FF704C1C32D), ref: 00007FF704C1C28E
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastPointer
                                                                • String ID:
                                                                • API String ID: 2976181284-0
                                                                • Opcode ID: 7c3c9af7b0c3ba882c1d4f7bd1684166dd02ec46220af4d411bd6b8cca88beee
                                                                • Instruction ID: 71748c94c7920780a101bd45549ec9c61ebfa4901274a2d135164c497f21a3e5
                                                                • Opcode Fuzzy Hash: 7c3c9af7b0c3ba882c1d4f7bd1684166dd02ec46220af4d411bd6b8cca88beee
                                                                • Instruction Fuzzy Hash: 27110461708B8292DA10AF66E98007AA361AF46BF0F944332EE7E077F8CF7CD4548740
                                                                APIs
                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF704C15905), ref: 00007FF704C15A23
                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF704C15905), ref: 00007FF704C15A39
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Time$System$FileLocalSpecific
                                                                • String ID:
                                                                • API String ID: 1707611234-0
                                                                • Opcode ID: 24756dbb2e9daa31db72e7dcf0b088d8d1bf88fd8db7438d69b0fd56222304ee
                                                                • Instruction ID: 3732ed0feae7114ead87cadde3fb982fa3b0960e412beeedbc254d1d45433e2c
                                                                • Opcode Fuzzy Hash: 24756dbb2e9daa31db72e7dcf0b088d8d1bf88fd8db7438d69b0fd56222304ee
                                                                • Instruction Fuzzy Hash: 0E11823260C642A5EA54AF56E8C113BF770EF82761F900237E69D81AE4EF6DD014CB10
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 62b3acb993a7c1c574d0af31b9abf31a9f6c1339b930cab784fdccb8202edaf5
                                                                • Instruction ID: 493fb3ef3cca74e88825958646e419f56769b8ac1a9a00c7e3b4253306bc91de
                                                                • Opcode Fuzzy Hash: 62b3acb993a7c1c574d0af31b9abf31a9f6c1339b930cab784fdccb8202edaf5
                                                                • Instruction Fuzzy Hash: 8D41C53290920157EA24AF16E98027AF3B0EF57B90F901136E69E477E1DF2DF402CB61
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID:
                                                                • API String ID: 840049012-0
                                                                • Opcode ID: bb2f7890339b15aa9eb5a186ad8d6cbfd75b1243c92fa81cda41f662b14cdac8
                                                                • Instruction ID: 01c2be1e501d80dab0b2ed7784c5c50caf0b2911be41d625144db670bd28445f
                                                                • Opcode Fuzzy Hash: bb2f7890339b15aa9eb5a186ad8d6cbfd75b1243c92fa81cda41f662b14cdac8
                                                                • Instruction Fuzzy Hash: 4A219321B1869266EA10BF13AD883BBD691BF49BD4FC85432EE4D47786DF7DE061C210
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: cf7c005c1e31e7ea229f5223e293a291a449fd9923c8bf07186dd3c48721cc09
                                                                • Instruction ID: 88645ab0c7471adb6b74a5221b23d053ef86774e0eceb6d5c2d9e02ee0ea7ce5
                                                                • Opcode Fuzzy Hash: cf7c005c1e31e7ea229f5223e293a291a449fd9923c8bf07186dd3c48721cc09
                                                                • Instruction Fuzzy Hash: 9D313E21A18512A6E6517F168C8137EA660AF46B90FC10137E91A437E2EF7CF8418B31
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                • String ID:
                                                                • API String ID: 3947729631-0
                                                                • Opcode ID: 7cdee7fffdefcbc5027b0452851aa9c5becd2890f0ec4c7d98fb6386710e4df3
                                                                • Instruction ID: c31f4f8f0cbba0105f4d567bb5ccdd8b7b0c9ce8d6a33c1b3e09f6d564f03a48
                                                                • Opcode Fuzzy Hash: 7cdee7fffdefcbc5027b0452851aa9c5becd2890f0ec4c7d98fb6386710e4df3
                                                                • Instruction Fuzzy Hash: C521BC72E146429AEB24AF65C8902FD37B0EB05718F841637D61D06BE5DF38E548CB61
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 0c710f33dd0e263908a6af9c5a326f17bec47833feda8bc3952fb7c3f2c9ef99
                                                                • Instruction ID: 8197f2ab550c3dd7efb5b2fdb241c3e487c894472e069955f205d73e1ca78765
                                                                • Opcode Fuzzy Hash: 0c710f33dd0e263908a6af9c5a326f17bec47833feda8bc3952fb7c3f2c9ef99
                                                                • Instruction Fuzzy Hash: 26115121A0D641A6EA61BF53988017FE274AFC6B80FD44433EB4D57BA6DF7DE8408724
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 371a19b6cbb4e76029cb4c6dd0e3fb09161d29462ff652c7a237cc4efd58c973
                                                                • Instruction ID: 4b4ade7ccad2b452f751f3b5fdc73f60b4679e33abacd7a1a98d502f20f7e375
                                                                • Opcode Fuzzy Hash: 371a19b6cbb4e76029cb4c6dd0e3fb09161d29462ff652c7a237cc4efd58c973
                                                                • Instruction Fuzzy Hash: 6C21A732718A8297EB61AF19E9C037AB6A0FF84B54F944236E75E476D5DF7CD4008B20
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 94cde1b0722b00ce3a89043d06a8f6ad091ac7731aa2d118b4c7a57a40d7012b
                                                                • Instruction ID: 4067dce0f1c8ff2df203918aa0b0ed1de9b80dc63ffc4f3ba9ece2541553e828
                                                                • Opcode Fuzzy Hash: 94cde1b0722b00ce3a89043d06a8f6ad091ac7731aa2d118b4c7a57a40d7012b
                                                                • Instruction Fuzzy Hash: 4B01C821A0874151E904FF539D4007AEAA1BF8AFE0F888632DE6C57BD6DF3CD4018710
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF704C1B33A,?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2), ref: 00007FF704C1F069
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: 13c3c22db1661b05f673f30e797758779fd860c56a628e09e4eda6517155e894
                                                                • Instruction ID: da5d1a8ce36005b156e9889956a054d024ab8e03f7f5ff6cba2709791fa96635
                                                                • Opcode Fuzzy Hash: 13c3c22db1661b05f673f30e797758779fd860c56a628e09e4eda6517155e894
                                                                • Instruction Fuzzy Hash: DFF04F54B0920761FE547F639DD02B792A11F9A780F88853A8A0E467B1EF5CE4814230
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,?,?,00007FF704C1D83D,?,?,?,00007FF704C1130F), ref: 00007FF704C1D912
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: ed43cc8fef10e4de0f6b38702312381f943abf623902b3a88b5f27f9598a1dfd
                                                                • Instruction ID: 33cf6c2fdc85e9d82d1747197c0a264db6fc5e873120406fc731886949d0dee7
                                                                • Opcode Fuzzy Hash: ed43cc8fef10e4de0f6b38702312381f943abf623902b3a88b5f27f9598a1dfd
                                                                • Instruction Fuzzy Hash: A7F03A02A0C20661FE543EA39D8037792A05F577B0F884632DD2F463E1DF6CF4408230
                                                                APIs
                                                                • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF704C0B540
                                                                  • Part of subcall function 00007FF704C0BF68: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF704C0BF70
                                                                  • Part of subcall function 00007FF704C0BF68: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF704C0BF75
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                • String ID:
                                                                • API String ID: 1208906642-0
                                                                • Opcode ID: 42f905f2e02464d1f18fe0bfc90ee21d32569e03344996040c3241f949aa798e
                                                                • Instruction ID: f36c0b34015f6a60cd2ce46790dbb18d41c816dc893120ffe91898af015c638a
                                                                • Opcode Fuzzy Hash: 42f905f2e02464d1f18fe0bfc90ee21d32569e03344996040c3241f949aa798e
                                                                • Instruction Fuzzy Hash: 7DE07E54D0D243B1FD58BEA31DDA2BB82441F22304EC010BBD90D821D3AF4EB8462531
                                                                APIs
                                                                  • Part of subcall function 00007FF704C07AA0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF704C031F4,00000000,00007FF704C01905), ref: 00007FF704C07AD9
                                                                • LoadLibraryW.KERNEL32(?,00007FF704C04E86,?,00007FF704C0224E), ref: 00007FF704C074A2
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ByteCharLibraryLoadMultiWide
                                                                • String ID:
                                                                • API String ID: 2592636585-0
                                                                • Opcode ID: 306e0b7f68d1bf48911d9a5e828091665b68987f1fa19b16ae1329a1af92c6f2
                                                                • Instruction ID: 184066cea1f2479af5362fb0687e6af4a8f95eff4f30e819ae79ec63fe539ed3
                                                                • Opcode Fuzzy Hash: 306e0b7f68d1bf48911d9a5e828091665b68987f1fa19b16ae1329a1af92c6f2
                                                                • Instruction Fuzzy Hash: A2D0C211F2424251EE48BB6BBE8653AE1519FC9BC0F88D036EE0D43B56DE3CD0900B04
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Object_$Eval_Thread$Err_$RestoreSave$DeallocFreeStringU_object@@$ClearD@@@Dict_FromItemParseSizeSubclass$Arg_BindBuildCreateDisplayFormatInstanceNameTuple_Value_
                                                                • String ID: NiN$O|O:MkParseDisplayName$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a COM object (got type=%s)
                                                                • API String ID: 3532411319-838830991
                                                                • Opcode ID: 1df4f06ed72079ac48bff10cae8e7b75590f2cc4d17675c667a360e714ee0fa7
                                                                • Instruction ID: 60418a7a479b5a738c58282fe459afeefb160102fb74877643087caaa744c3f4
                                                                • Opcode Fuzzy Hash: 1df4f06ed72079ac48bff10cae8e7b75590f2cc4d17675c667a360e714ee0fa7
                                                                • Instruction Fuzzy Hash: 78B1F567F08A5681EB159B66E864AB823A0BF48B84F445236DD3E5B7ECDF3DE405C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: None is not a valid interface object in this context$Oi:Save$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)
                                                                • API String ID: 1450464846-2959502821
                                                                • Opcode ID: 97bfe7891bd77c0c784a65b3d0609b7cae60fa65309b4220ee959ec09e08340e
                                                                • Instruction ID: 1929d24f616c131202b1da3909c8284d9efaf0878a12a639b793ee417d05eced
                                                                • Opcode Fuzzy Hash: 97bfe7891bd77c0c784a65b3d0609b7cae60fa65309b4220ee959ec09e08340e
                                                                • Instruction Fuzzy Hash: 1891F567F08B4381FB549B66E96497923A1BF88B94B444236CA3E572ECDF7DE449C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$Err_$String$Object_$Instance$AttrClearErrorFormatInfoOccurred
                                                                • String ID: None is not a valid interface object in this context$OkO:SetProperty$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)
                                                                • API String ID: 24844179-2279418479
                                                                • Opcode ID: 5593ae3436d196541c521857866ac9ca2eb8e35581d91484d684e72c843c2ecb
                                                                • Instruction ID: 87c1fc2e4f0378ae0df36b9c6fee744636948708477be3319bafb27e111a26fa
                                                                • Opcode Fuzzy Hash: 5593ae3436d196541c521857866ac9ca2eb8e35581d91484d684e72c843c2ecb
                                                                • Instruction Fuzzy Hash: A4A1F767F08A47C1EB549B56E9A097923A0BF88B85B404236DA3E876ECDF7DE405D340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_$String$Object_$Eval_InstanceThread$Arg_AttrClearFormatFromLongLong_OccurredParseRestoreSaveSizeTuple_
                                                                • String ID: O:AddRefTypeInfo$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)
                                                                • API String ID: 445090835-864360029
                                                                • Opcode ID: bc97746e5819cf51c88631e5d80e7cefa76773136ce5f9b4708350c82f98484a
                                                                • Instruction ID: d637028ab6cfda4ca2b2e8992f62930c82bc947aa2b0a93dc6372856b4e09826
                                                                • Opcode Fuzzy Hash: bc97746e5819cf51c88631e5d80e7cefa76773136ce5f9b4708350c82f98484a
                                                                • Instruction Fuzzy Hash: 9B913E67F08A43C1EB149F56E9A497963A0BF84B95B444236CA3D476E8DF7CE449C340
                                                                APIs
                                                                • _PyArg_ParseTuple_SizeT.PYTHON312 ref: 00007FFDFF1A7F82
                                                                • PyEval_SaveThread.PYTHON312 ref: 00007FFDFF1A81CF
                                                                • PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF1A81E8
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194C65
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194CA8
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194CB6
                                                                  • Part of subcall function 00007FFDFF194C20: GetErrorInfo.OLEAUT32 ref: 00007FFDFF194CC6
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194CD1
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194CF4
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194D11
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194D42
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194D5F
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194D91
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194DAE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$Arg_ErrorInfoParseSizeTuple_
                                                                • String ID: O:CoSetCancelObject$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$_oleobj_$argument is not a COM object (got type=%s)
                                                                • API String ID: 1860538329-3744512049
                                                                • Opcode ID: 6d4b78b0bcb5d6724cb0e3d45a174feb03a245aacb1fe5612c6951844b959696
                                                                • Instruction ID: 76334eaeeb828c02e12b4c96508d1bf820ae9fe30a88eefa958520c6dd85e9ef
                                                                • Opcode Fuzzy Hash: 6d4b78b0bcb5d6724cb0e3d45a174feb03a245aacb1fe5612c6951844b959696
                                                                • Instruction Fuzzy Hash: D6810A67F08B4385EB549B66E96497963A1BF88B94F444236CA3E476ECDF6CF418C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                • String ID: %s\*
                                                                • API String ID: 1057558799-766152087
                                                                • Opcode ID: e088e27d8d0f46029279e9722d1243d0cd41ffb9859322922a4bee3f591104c6
                                                                • Instruction ID: 059998305c601e89ec7c3ca3a151aa56b5ec017a518e681fd70582175b77bc45
                                                                • Opcode Fuzzy Hash: e088e27d8d0f46029279e9722d1243d0cd41ffb9859322922a4bee3f591104c6
                                                                • Instruction Fuzzy Hash: 30415221B0CA42A1EA20AF26E9C81BBA360FF94754FD10233D65D87694DF7CD659C760
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 3140674995-0
                                                                • Opcode ID: 9b54a456cca8644e9267c01a8084384299a419a9074f18b847f9bd6aac1e9b99
                                                                • Instruction ID: 04fd11b5b04037535e5ac0f0ae9ccfb3250ae668ee39d7ef1dd7e691ac1aaaed
                                                                • Opcode Fuzzy Hash: 9b54a456cca8644e9267c01a8084384299a419a9074f18b847f9bd6aac1e9b99
                                                                • Instruction Fuzzy Hash: 67315C76608B8196EB60EF61E8803EEB360FB84744F84403ADB4E57B94EF78D548C720
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 1239891234-0
                                                                • Opcode ID: 61c5fe9d8ddf1a91b68eaaf79b4512adc479ec4e583f3c08dd1815cc8eca3973
                                                                • Instruction ID: df62f31e96d9237e218bff1011e02530c757f8f5f7845cc948e51a558d245bd5
                                                                • Opcode Fuzzy Hash: 61c5fe9d8ddf1a91b68eaaf79b4512adc479ec4e583f3c08dd1815cc8eca3973
                                                                • Instruction Fuzzy Hash: 80316F36608B8196EB60DF26EC802AEB3A4FF89754F940136EA8D43B64DF3DD555CB10
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 2227656907-0
                                                                • Opcode ID: 728210f36c20b369758be20500c460df1f077525fb744896d226502d8994a634
                                                                • Instruction ID: 67e0f90ff3a0a1ea5bb89e3d2372f416db2923a210336b40afe76ee38ca877f0
                                                                • Opcode Fuzzy Hash: 728210f36c20b369758be20500c460df1f077525fb744896d226502d8994a634
                                                                • Instruction Fuzzy Hash: 33B1C422B1868291EA61EF23DE841BBE261FF45BD4F884133EA5D07B95DFBCE4418310
                                                                APIs
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04310
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04351
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04376
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C0439B
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C043C3
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C043EB
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04413
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C0443B
                                                                • GetProcAddress.KERNEL32(?,00007FF704C04ED7,?,00007FF704C0224E), ref: 00007FF704C04463
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AddressProc
                                                                • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Similarity
                                                                • API ID: AddressProc
                                                                • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_RestoreSave$Object_String$Instance$ClearD@@@DeallocFormatU_object@@$Arg_AttrDict_ErrorFromInfoItemOccurredParseSizeSubclassTuple_
                                                                • String ID: None is not a valid interface object in this context$OOO:BindToObject$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_$Eval_Thread$Object_String$RestoreSave$Instance$Arg_ClearD@@@DeallocDict_FormatFromItemOccurredParseSizeSubclassTuple_U_object@@
                                                                • String ID: None is not a valid interface object in this context$Oi:ComposeWith$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_$Eval_Thread$Object_String$RestoreSave$Instance$Arg_ClearD@@@DeallocDict_FormatFromItemOccurredParseSizeSubclassTuple_U_object@@
                                                                • String ID: None is not a valid interface object in this context$O:GetObject$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: String$Bstr@@Eval_FreeObject_ThreadU_object@@$Arg_Err_ParseRestoreSaveSizeTuple_
                                                                • String ID: None is not a valid interface object in this context$OO|O:RegisterTypeLib$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$_oleobj_$argument is not a COM object (got type=%s)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_$Object_String$Eval_InstanceSizeThread$Arg_BuildD@@@FormatOccurredParseRestoreSaveTuple_U_object@@Value_
                                                                • String ID: OO:RegisterInterfaceInGlobal$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The Python object is invalid$_oleobj_$argument is not a COM object (got type=%s)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_LongLong_RestoreSave$Clear$ErrorFormatInfoObject_OccurredSizeStringVariant
                                                                • String ID: The Python object is invalid$not enough arguments (at least 4 needed)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_Eval_Thread$Arg_D@@@Object_OccurredParseRestoreSaveSizeStringTuple_U_object@@
                                                                • String ID: None is not a valid interface object in this context$OOOk|k:CoMarshalInterface$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_$Object_$RestoreSave$D@@@StringU_object@@$Arg_ClearDeallocDict_FormatFromInstanceItemOccurredParseSizeSubclassTuple_
                                                                • String ID: OO:CreateInstance$The Python IID map is invalid - the value is not an interface type object$The Python object is NULL and no error occurred$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a COM object (got type=%s)
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: ClearErr_$DeallocFromState_Tuple_$DoubleEnsureItemLong_Object_ReleaseU_object@@
                                                                • String ID: _GetIDsOfNames_
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: DeallocErr_Object_$ArrayFromObjectSafeU_object@@$BufferDataView@@$AccessClearElementItemSequence_SizeStringU_object@@_UnaccessVariantmemcpy
                                                                • String ID: All dimensions must be a sequence of the same size$Could not set the SAFEARRAY element$Internal error - the buffer length is not the sequence length!$Internal error - unexpected argument - only simple VARIANTTYPE expected
                                                                • API String ID: 2035938186-1356164553
                                                                • Opcode ID: a2364fd23a1eec3651b85f60ea98743fff9aa7f1731e44afec1b36492cc08332
                                                                • Instruction ID: 7dd5db2d21a1d7f3f73c6c7f1d112df0d276381174a9791cfd702438388d5d80
                                                                • Opcode Fuzzy Hash: a2364fd23a1eec3651b85f60ea98743fff9aa7f1731e44afec1b36492cc08332
                                                                • Instruction Fuzzy Hash: B8912A33F08A4285EB14DB25E864AB967A1BB88B84F441239DE3E6769CDF3DF445C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$Err_Object_$D@@@StringU_object@@$Arg_Capsule_ClearDeallocDict_FromItemParseSizeSubclassTuple_Valid
                                                                • String ID: OO|O:CreateTearOff$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$argument is not a CObject/vtable$win32com universal gateway
                                                                • API String ID: 1996181731-1804849320
                                                                • Opcode ID: 9da11d1d288c343e45078d1e647b73be36ab1e69a9ac6590df5caec5380c9375
                                                                • Instruction ID: a046c30df85cec49544c23fea858f6dd95d9fabacd941130c63c360cc923f944
                                                                • Opcode Fuzzy Hash: 9da11d1d288c343e45078d1e647b73be36ab1e69a9ac6590df5caec5380c9375
                                                                • Instruction Fuzzy Hash: D5610677F19A4281EB159B16E864A7963A0FF88B84F845236DA7E47798DF3DF844C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Eval_Thread$Save$RestoreString$FormatInstanceObject_Occurred$Arg_ParseSizeStreamTuple_
                                                                • String ID: None is not a valid interface object in this context$OO:OleSaveToStream$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                • API String ID: 179402570-2248625336
                                                                • Opcode ID: b7bd34ca1b711a698eb0020c1668824713292f330613c31e4bc97a921366db31
                                                                • Instruction ID: 33cd06b353f9a5e35c3244de8fbf711dce41ae7f5c03f90d40bc88cfec79c4bb
                                                                • Opcode Fuzzy Hash: b7bd34ca1b711a698eb0020c1668824713292f330613c31e4bc97a921366db31
                                                                • Instruction Fuzzy Hash: 24810A67F08A4281EB459F26E96497963A1FF88F94B444636DA3E476ECDF3CE458C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_$String$Memorymalloc
                                                                • String ID: ELEMDESCArray must be a sequence of ELEMDESCs$FUNCDESC$SCODE array must be a sequence of integers!$The object is not a PyFUNCDESC
                                                                • API String ID: 329545144-3413657444
                                                                • Opcode ID: c37b749459224dc7ab5f1c6bbe983c584368e7bee74fc74d0c4bbeac2a9e54e7
                                                                • Instruction ID: 55ddf774f7225d1838cbadb485e5dbcd8d25f7ac7362cc1c839ca69ba344b7e3
                                                                • Opcode Fuzzy Hash: c37b749459224dc7ab5f1c6bbe983c584368e7bee74fc74d0c4bbeac2a9e54e7
                                                                • Instruction Fuzzy Hash: 07915967F19B8282EB14DF25E86097863A0FB48B95B099235DE7E47798EF3CE451C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: OOi|i:OpenStream$The 'reserved' parameter (param 2) must be None$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 1450464846-2618051897
                                                                • Opcode ID: 83334fd1d826a93688f9d9f5f2b042fc621d3abb845043530d06aee008f150b7
                                                                • Instruction ID: dc39cc4dec071817e57e7c066bf63d93c34c80a9501b8edc00321786d4afa1b8
                                                                • Opcode Fuzzy Hash: 83334fd1d826a93688f9d9f5f2b042fc621d3abb845043530d06aee008f150b7
                                                                • Instruction Fuzzy Hash: 03611B27F08B8281EB649F15E864A7963A4FB88B94F844236DA7E477DCDF2CE445C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Dealloc$ErrorEval_ExceptionInfoOccurredRestoreSequence_SizeState_Thread$Arg_CheckClearCreateEnsureFetchGivenItemMatchesNormalizeObject_ParseReleaseSaveStringTuple_
                                                                • String ID: <unknown>$Next$Unexpected exception in gateway method '%hs'$result must be a tuple of (PyIUnknown, dwCookie)
                                                                • API String ID: 1959370712-1562171100
                                                                • Opcode ID: 6614c440dad18ac30f9e804648a0e65d0a5c0b6e509d0914107184b029e380d7
                                                                • Instruction ID: 4e9ec1e440304d5752874d1c0ceca36c1b7a81ecb251481e54cb045fddc2d06a
                                                                • Opcode Fuzzy Hash: 6614c440dad18ac30f9e804648a0e65d0a5c0b6e509d0914107184b029e380d7
                                                                • Instruction Fuzzy Hash: 42714E27F08A4682EB109F29E8649A963A1FF84F95F455235DA3E877E8DF3DE405C340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Object_$Size$Arg_DeallocErr_Eval_ParseSequence_StringThreadTuple_U_object@@$CheckD@@@FreeItemRestoreSavewcsncpy
                                                                • String ID: Argument must be a list of CATEGORYINFO tuples$Category infos must be CATID, lcid, description$O:RegisterCategories$OlO$The Python object is invalid
                                                                • API String ID: 1025210904-1076235190
                                                                • Opcode ID: 5fac8cf1d3f9f988c9af9cd567c28009034e441b9a21927cf3179b8f73d7cbf6
                                                                • Instruction ID: fd356cc0fc399dde7021da9e83400efb932b91d46c81eb6d794419c58e8789df
                                                                • Opcode Fuzzy Hash: 5fac8cf1d3f9f988c9af9cd567c28009034e441b9a21927cf3179b8f73d7cbf6
                                                                • Instruction Fuzzy Hash: 9E51FD67F09A4281EB519F16E964AB963A0BF84B94F444236DE7E477E8DF3CE446C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_State_$BuildEnsureLongLong_Object_OccurredReleaseSizeStringSubclassValue_
                                                                • String ID: Drop$OlOl$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$Unexpected exception in gateway method '%hs'
                                                                • API String ID: 1074411449-3116030788
                                                                • Opcode ID: 54e095e76a67c8a7cf77ea615b02f31fcb1c21aa40e12c6bf2ec34f09e8b50c8
                                                                • Instruction ID: 2515a4a56b921a31723d07742a1fb55b5c51437e31e0f21dad5a407d9df4531c
                                                                • Opcode Fuzzy Hash: 54e095e76a67c8a7cf77ea615b02f31fcb1c21aa40e12c6bf2ec34f09e8b50c8
                                                                • Instruction Fuzzy Hash: A4512727F09A4281EB559F26A864EB963A1BF88B94F454235DE3E473D8DF3DE415C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$Arg_D@@@Err_FromObject_ParseSizeStringTuple_U_object@@
                                                                • String ID: :Clone$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 607227609-175512089
                                                                • Opcode ID: aab7d7df32904f7b4df90156bc8fcbde5a2aee5c8c25e03c45d75fa34585df99
                                                                • Instruction ID: 81cc6028760f5356523434321ed3986897cfdbc07d789e18ce59bd744e2533d7
                                                                • Opcode Fuzzy Hash: aab7d7df32904f7b4df90156bc8fcbde5a2aee5c8c25e03c45d75fa34585df99
                                                                • Instruction Fuzzy Hash: 2051FE27F08A8281EB549B1AF9609B96361FF48BC4B485136DE7E477ACDF2CE845C340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$Arg_D@@@Err_FromObject_ParseSizeStringTuple_U_object@@
                                                                • String ID: :Clone$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 607227609-175512089
                                                                • Opcode ID: e31fab3f487716b6e4aa2895c6a873f6845a63c14e17859bf72ce3d574535798
                                                                • Instruction ID: 7abf1c72a548243544e49a6fd436585d292670e6b1d79ada3be098096b515d64
                                                                • Opcode Fuzzy Hash: e31fab3f487716b6e4aa2895c6a873f6845a63c14e17859bf72ce3d574535798
                                                                • Instruction Fuzzy Hash: 59513B66F1CA4281EB459B16FAA49B923A1BF88FC4B445235CE7E477ACDF2CE4548300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$Arg_D@@@Err_FromObject_ParseSizeStringTuple_U_object@@
                                                                • String ID: :Clone$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 607227609-175512089
                                                                • Opcode ID: d0563f397d1f51aa13f9ffd9a77b63cef8ea76789afeda18edb7bb8eb69edba2
                                                                • Instruction ID: cf605bc49ac1ad9b4adfa19d0661325141776fa5545ea5c475350947cfd7e772
                                                                • Opcode Fuzzy Hash: d0563f397d1f51aa13f9ffd9a77b63cef8ea76789afeda18edb7bb8eb69edba2
                                                                • Instruction Fuzzy Hash: 99514D62F18A4281EB599B16F96497963A2FF88BD0B845235DE3E477ECDF2CE454C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: AuthnLevel$AuthnSvc$AuthzSvc$Capabilities$ClientName$ImpLevel$ServerPrincipalName$The Python object is invalid${s:k, s:k, s:N, s:k, s:k, s:N, s:k}$|k:QueryBlanket
                                                                APIs
                                                                • PyErr_GivenExceptionMatches.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193C9E
                                                                • PyErr_Format.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193CC1
                                                                • PyObject_GetAttrString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193D0F
                                                                • PyLong_AsLong.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193D20
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193D32
                                                                • PyObject_GetAttrString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193D42
                                                                • _PyArg_ParseTuple_SizeT.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193D96
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193DA9
                                                                • PyErr_Clear.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193DAF
                                                                • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193DC6
                                                                • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00007FFDFF1937F7), ref: 00007FFDFF193E94
                                                                Similarity
                                                                • API ID: Err_$String$AttrDeallocObject_$Arg_ClearExceptionFormatGivenLongLong_MatchesParseSizeTuple_
                                                                • String ID: Must be a COM exception object (not '%s')$The inner excepinfo tuple must be of format 'izzzii'$excepinfo$hresult$iOOOii:ExceptionInfo$invalid arg to PyCom_ExcepInfoFromPyObject
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|izi:EnumElements
                                                                Similarity
                                                                • API ID: Err_Eval_Thread$String$RestoreSave$Arg_ClearD@@@DeallocDict_FromItemObject_ParseSizeTuple_U_object@@
                                                                • String ID: :GetConnectionPointContainer$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_Object_$D@@@RestoreSaveStringU_object@@$Arg_ClearDeallocDict_FromItemParseSizeSubclassTuple_
                                                                • String ID: O|l:Open$The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_ObjectParseRestoreRunningSaveSizeTableTuple_
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|l:GetRunningObjectTable
                                                                Similarity
                                                                • API ID: FromSize$D@@@Object_StringU_object@@$Arg_BuildBytes_DeallocDictDict_ImportImport_ItemModuleModule_ParseTuple_Value_
                                                                • String ID: :reduce$GetRecordFromGuids$O(NHHiNN)$pythoncom$pythoncom.GetRecordFromGuids() can't be located!
                                                                Similarity
                                                                • API ID:
                                                                • String ID: CPyFactory::CreateInstance failed to create instance. (%lx)$CPyFactory::CreateInstance failed to get gateway to returned object$None is not a valid interface object in this context$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_$Object_RestoreSave$Arg_ClassD@@@FormatFromInstanceLongLong_ObjectOccurredParseRegisterSizeStringTuple_U_object@@
                                                                • String ID: None is not a valid interface object in this context$OOii:CoRegisterClassObject$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                Similarity
                                                                • API ID: Sequence_$DeallocItem$CheckErr_LongLong_SizeString
                                                                • String ID: If the TYPEDESC is of type VT_USERDEFINED, the object must be an integer$SAFEARRAY descriptions are not yet supported$The first sequence item must be an integer$The object is not an TYPEDESC
                                                                Similarity
                                                                • API ID: DeallocObject_$D@@@Err_FromState_U_object@@$ClearDict_EnsureItemReleaseStringSubclass
                                                                • String ID: CopyTo$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$iOzO
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: OO|l:WriteMultiple$The Python object is invalid$The parameters must be sequences of the same size
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$String$DeallocFreeFromObject_U_object@@$BuildErr_ErrorInfoSizeValue_
                                                                • String ID: (OOiO)$The Python object is invalid
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_$Object_RestoreSave$Arg_DragDropFormatInstanceOccurredParseRegisterSizeStringTuple_U_object@@
                                                                • String ID: None is not a valid interface object in this context$OO:RegisterDragDrop$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_$Object_RestoreSave$Arg_ClassD@@@FormatInstanceOccurredParseSizeStringTuple_U_object@@Write
                                                                • String ID: None is not a valid interface object in this context$OO:WriteClassStg$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_$Object_RestoreSave$Arg_ClassD@@@FormatFromInstanceOccurredParseReadSizeStringTuple_U_object@@
                                                                • String ID: None is not a valid interface object in this context$O:ReadClassStg$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                APIs
                                                                • SafeArrayGetLBound.OLEAUT32 ref: 00007FFDFF1E3CB3
                                                                • SafeArrayGetUBound.OLEAUT32 ref: 00007FFDFF1E3CE7
                                                                • SafeArrayAccessData.OLEAUT32 ref: 00007FFDFF1E3D13
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194C65
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194CA8
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194CB6
                                                                  • Part of subcall function 00007FFDFF194C20: GetErrorInfo.OLEAUT32 ref: 00007FFDFF194CC6
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194CD1
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194CF4
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194D11
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194D42
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194D5F
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_SaveThread.PYTHON312 ref: 00007FFDFF194D91
                                                                  • Part of subcall function 00007FFDFF194C20: PyEval_RestoreThread.PYTHON312 ref: 00007FFDFF194DAE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$ArraySafe$Bound$AccessDataErrorInfo
                                                                • String ID: buffer size is not what we created!
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: State_$Err_Object_Release$ClearDealloc$CallD@@@EnsureFromInstanceLongLong_Method_SizeStringU_object@@
                                                                • String ID: _QueryInterface_
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: DeallocErr_$OccurredState_$EnsureFromLongLong_ReleaseSequence_StringTuple@@Tuple_U_object@@Unsigned
                                                                • String ID: (O)$ReadMultiple$Sequence not of required length$Unexpected exception in gateway method '%hs'
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: BufferDeallocErr_State_View@@$EnsureFromObject_OccurredR@@@ReleaseStringU_object@@U_object@@_
                                                                • String ID: PyGLockBytes::ReadAt: returned data longer than requested$Read$ReadAt$Unexpected exception in gateway method '%hs'
                                                                APIs
                                                                  • Part of subcall function 00007FFDFF1953D0: FormatMessageW.KERNEL32 ref: 00007FFDFF195405
                                                                • ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES312 ref: 00007FFDFF194F80
                                                                • PyLong_FromLong.PYTHON312 ref: 00007FFDFF194F90
                                                                  • Part of subcall function 00007FFDFF195100: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF195158
                                                                  • Part of subcall function 00007FFDFF195100: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF195167
                                                                  • Part of subcall function 00007FFDFF195100: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF195176
                                                                  • Part of subcall function 00007FFDFF195100: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF1951A2
                                                                  • Part of subcall function 00007FFDFF195100: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF1951BA
                                                                  • Part of subcall function 00007FFDFF195100: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF1951CE
                                                                  • Part of subcall function 00007FFDFF195100: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF1951E2
                                                                • _Py_BuildValue_SizeT.PYTHON312 ref: 00007FFDFF194FBE
                                                                • _Py_BuildValue_SizeT.PYTHON312 ref: 00007FFDFF194FF8
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FFDFF19500A
                                                                • SysFreeString.OLEAUT32 ref: 00007FFDFF195025
                                                                • SysFreeString.OLEAUT32 ref: 00007FFDFF19503C
                                                                • SysFreeString.OLEAUT32 ref: 00007FFDFF195053
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FFDFF195072
                                                                • PyErr_SetObject.PYTHON312 ref: 00007FFDFF195085
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FFDFF1950A1
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FFDFF1950BE
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$From$Object_U_object@@$Bstr@@BuildFreeSizeStringValue_$Err_FormatLongLong_MessageObject
                                                                • String ID: iOOO$iOzO
                                                                • API String ID: 1545846577-2418243828
                                                                • Opcode ID: 0053d52bd796dab70f18e53c474a80e80f286fe785d68c0eaec1d6a48ba77859
                                                                • Instruction ID: 08228b373888fb3ac21df8282dd510cea134bda7dce43104ab7346cadfd56a12
                                                                • Opcode Fuzzy Hash: 0053d52bd796dab70f18e53c474a80e80f286fe785d68c0eaec1d6a48ba77859
                                                                • Instruction Fuzzy Hash: FB410A22F19A4281EB649F21E864B7963A0BF84F98F085635CA7E577D8DF3DE505C380
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_$RestoreSave$Arg_ClipboardCurrentFormatInstanceObject_OccurredParseSizeStringTuple_
                                                                • String ID: None is not a valid interface object in this context$O:OleIsCurrentClipboard$The Python object is NULL and no error occurred$argument is not a COM object (got type=%s)
                                                                • API String ID: 676878508-2712744048
                                                                • Opcode ID: ef1cb5496d4b8ff92e4bafdc149b0b33f98326475d5192c23cac93d9e25db3be
                                                                • Instruction ID: 7d58067bca23ddd48053d057a1eac01d58311cdbf6dffd6ee755359f4d726ee1
                                                                • Opcode Fuzzy Hash: ef1cb5496d4b8ff92e4bafdc149b0b33f98326475d5192c23cac93d9e25db3be
                                                                • Instruction Fuzzy Hash: 2A41FF67F08A4281EB44DB26E9649B963A1FF88FC4B545236DA7D876ACDF3CE454C300
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                • API String ID: 2050909247-1550345328
                                                                • Opcode ID: 902a43a9e08bc8406cfdc622bbc3b82be2e72510b6312350adb95ebc870ef9ed
                                                                • Instruction ID: e4750d3b416986f0cb22e2014ac99d66f33c22ec2828447e67fe7b6aad1e6899
                                                                • Opcode Fuzzy Hash: 902a43a9e08bc8406cfdc622bbc3b82be2e72510b6312350adb95ebc870ef9ed
                                                                • Instruction Fuzzy Hash: 8E517B61B08642A2EA10BF16ED841BBE360BF45B94FC84133EE1D87696EF7DE5548360
                                                                APIs
                                                                  • Part of subcall function 00007FF704C07AA0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF704C031F4,00000000,00007FF704C01905), ref: 00007FF704C07AD9
                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF704C06F77,?,00000000,FFFFFFFF,00007FF704C02AA6), ref: 00007FF704C06AAC
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                • API String ID: 2001182103-930877121
                                                                • Opcode ID: 8c239dbefb98de1cddf91b082b346a8911d232c60a34181fbcee084c31fe23d2
                                                                • Instruction ID: 950869fd5b502cea6a94961ff40d80729c3b9fac2bd92ffecfcbf20fb55f48f3
                                                                • Opcode Fuzzy Hash: 8c239dbefb98de1cddf91b082b346a8911d232c60a34181fbcee084c31fe23d2
                                                                • Instruction Fuzzy Hash: C641A120B28642A1FA60FF26DDD92BBE251EF84780FC40433E64EC2695EF7CE5148720
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Dealloc$ErrorInfoRestoreSaveState_$CreateEnsureInstanceObject_Release
                                                                • String ID: Clone
                                                                • API String ID: 1840915814-766296796
                                                                • Opcode ID: 678d4ad9f145e7256d3009b7b3e59eb79e93e2eb6ac68a786d176c823a4d00f9
                                                                • Instruction ID: 94f7242c0822d191d14d7103c7a270a67104756e35d75f5a083eb29c25671c01
                                                                • Opcode Fuzzy Hash: 678d4ad9f145e7256d3009b7b3e59eb79e93e2eb6ac68a786d176c823a4d00f9
                                                                • Instruction Fuzzy Hash: 8E410C37F08A4682EB049F6AD8649A96761FF88F95B554131DA3E437A8DF3DE849C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_Object_State_$ClearD@@@Dict_EnsureFromItemReleaseStringSubclassU_object@@
                                                                • String ID: Save$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 643398647-2418897439
                                                                • Opcode ID: c442516484c434d765099763e56866a87bb8349600a8dfa77c4a13082f8bd9f7
                                                                • Instruction ID: 0a68f10fe84529d5f1dd36e7e9316908c09dff03a22f78a1ea7e9daa05b1dd07
                                                                • Opcode Fuzzy Hash: c442516484c434d765099763e56866a87bb8349600a8dfa77c4a13082f8bd9f7
                                                                • Instruction Fuzzy Hash: 1F414A62F18A8281EB549B26E864A39A3A1BF44F95F444235DA7E477DDEF3CE409C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_Object_State_$ClearD@@@Dict_EnsureFromItemReleaseStringSubclassU_object@@
                                                                • String ID: Load$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 643398647-1545106082
                                                                • Opcode ID: 550536779595514fdc56126a7e8f1009526ebd6ed78e9b21cad0909464cbaf1c
                                                                • Instruction ID: f25ebcea3dc0a9074f1ae387d052e01a6b8d98ce5ff45e7485642a6b54c873d0
                                                                • Opcode Fuzzy Hash: 550536779595514fdc56126a7e8f1009526ebd6ed78e9b21cad0909464cbaf1c
                                                                • Instruction Fuzzy Hash: C9412A63F08A8681EB549B25E868A7923A1FF44F94F844235DA7E477DDEF2CE409C700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Tuple_$Dealloc$ItemSize$BuildCallClearDict_Err_Eval_KeywordsObjectValue_With
                                                                • String ID:
                                                                • API String ID: 2998962722-0
                                                                • Opcode ID: e5857b9d1bd95a8daedcca510288875efb72c2b8f592b07c6e562301b4b36457
                                                                • Instruction ID: 49c8a954a7b41d2a2a75ef7aebc7b07ac5483eb040ec4026d18886999be0a37b
                                                                • Opcode Fuzzy Hash: e5857b9d1bd95a8daedcca510288875efb72c2b8f592b07c6e562301b4b36457
                                                                • Instruction Fuzzy Hash: 98915677F09B4282EB148B15A964AAA63A5BB88BD0F459235DA7E437DCDF3CF404C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_SizeThreadTuple_$Arg_BuildDeallocErr_FreeFromObject_ParseRestoreSaveStringTaskU_object@@Value_
                                                                • String ID: NkH$The Python object is invalid$|l:Next
                                                                • API String ID: 4021253185-1653399008
                                                                • Opcode ID: 2881c833240ca2c4631d1c7f9509af4d6c51d7ce2905822a6c527f0e0616f272
                                                                • Instruction ID: 887c0d2b3a42974827a7ae03ae14981d6c06d401258b4a64d89ab5125bfaa99c
                                                                • Opcode Fuzzy Hash: 2881c833240ca2c4631d1c7f9509af4d6c51d7ce2905822a6c527f0e0616f272
                                                                • Instruction Fuzzy Hash: 7D517973F08A4686EB109B12A964AB963A2FF84BA4F454235DE7D077D8DF3CE145C704
                                                                APIs
                                                                • PyDict_New.PYTHON312(?,?,00000000,00007FFDFF1B25B4,?,?,?,?,00007FFDFF1B371B,?,?,?,?,00000000,00007FFDFF19CB4A), ref: 00007FFDFF1B201C
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Dict_
                                                                • String ID:
                                                                • API String ID: 3613996275-0
                                                                • Opcode ID: fe69019f4b5138d295ab5a68352a58bfc867bfc086152cfcc091e6f572a5ffa9
                                                                • Instruction ID: 04c5359704364d97be58766876619dbfd5339bb3bb30771b74cc17cd14986817
                                                                • Opcode Fuzzy Hash: fe69019f4b5138d295ab5a68352a58bfc867bfc086152cfcc091e6f572a5ffa9
                                                                • Instruction Fuzzy Hash: 85412C22F0AA8281EF558B16A974B3963A0AF49BD0F445234DE3E867DCEF2DE445C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_Eval_ParseSizeStringThreadTuple_$DeallocReferenceRestoreSave
                                                                • String ID: HOiii:FORMATETC$O:GetData$The Python object is invalid$td must be None
                                                                • API String ID: 3569473890-4090492480
                                                                • Opcode ID: c5090ae219da982ebfdc0bafd626d42449b0b028cd63e71cdb9cfea1beb6708e
                                                                • Instruction ID: 079c55a4409cc02a3f3419e7dd6bf876ce2ab73c2a9d9d57b9527217339ad17d
                                                                • Opcode Fuzzy Hash: c5090ae219da982ebfdc0bafd626d42449b0b028cd63e71cdb9cfea1beb6708e
                                                                • Instruction Fuzzy Hash: 20416023F08B8691EB119B65E960AB963A4FB84B94F444236CA7D437D8EF3CE495C340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Arg_Err_Eval_ParseSizeStringThreadTuple_$DeallocReferenceRestoreSavemalloc
                                                                • String ID: HOiii:FORMATETC$O:GetDataHere$The Python object is invalid$td must be None
                                                                • API String ID: 582056281-977131618
                                                                • Opcode ID: c16103300f1bc4d1cd2ea91183173eabfecc9fa975f82f00714f5506fd789338
                                                                • Instruction ID: fbca75cd0b7f7ca8b055e85565e125e11528054b265380b21f756557216dfb1f
                                                                • Opcode Fuzzy Hash: c16103300f1bc4d1cd2ea91183173eabfecc9fa975f82f00714f5506fd789338
                                                                • Instruction Fuzzy Hash: 9E414433F08B8681EB50CB55E850AAA63A5FB84B80F544236DABD43BACDF3CE545C740
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Bstr@@$AutoFreeWin_$Arg_Bstr@Err_Object_ParseSizeStringTuple_U_object@@
                                                                • String ID: Ol:GetDispId$The Python object is invalid
                                                                • API String ID: 1902340684-3783935646
                                                                • Opcode ID: 7adcad730601ae9e4de90ec5832621739d05758b2e1adbf24dd11ac884dfd83e
                                                                • Instruction ID: aabf0c0e65f9a8c0530dc434e1706e6af89099a625504cc351c18b06fade6319
                                                                • Opcode Fuzzy Hash: 7adcad730601ae9e4de90ec5832621739d05758b2e1adbf24dd11ac884dfd83e
                                                                • Instruction Fuzzy Hash: 26312627F08A4692EB20DF16E8609696361FB84BC4F484636DABE477ACDF2CE545C740
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Tuple_$ClearErr_Item$Dealloc$DoubleFromLong_
                                                                • String ID: Failed to setup call into Python gateway
                                                                • API String ID: 2185770650-960706223
                                                                • Opcode ID: 32f00a581bb9d2b2baccb0ef246efad7a4e36932abbfcebcfcef3755ac39d7fd
                                                                • Instruction ID: 24397f3cfc413b78fb78a28299479c91653cea6f9406869304008e81ca6364a9
                                                                • Opcode Fuzzy Hash: 32f00a581bb9d2b2baccb0ef246efad7a4e36932abbfcebcfcef3755ac39d7fd
                                                                • Instruction Fuzzy Hash: 6E517E23F08A0686EB248F25A8649796391FB84B68F950335DA7E533D8DF3DE446C344
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Eval_SizeThread$Arg_BuildDeallocErr_List_ParseRestoreSaveStringTuple_Value_memset
                                                                • String ID: Hziii$The Python object is invalid$|l:Next
                                                                • API String ID: 3095678360-1002550370
                                                                • Opcode ID: b64d42153928d964b6902570e769103863026afa126e11832244f4da66f4e658
                                                                • Instruction ID: 1056600949ac310c33c7e69ce085eb3fc02940ed6ff7c051feffedfeaa40216f
                                                                • Opcode Fuzzy Hash: b64d42153928d964b6902570e769103863026afa126e11832244f4da66f4e658
                                                                • Instruction Fuzzy Hash: 68414E76F0878282EB549B25A5649B9A3A2AF84FD0F440235EA7E47BDCDF3CE440C740
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: State_$BuildEnsureErr_OccurredReleaseSizeValue_
                                                                • String ID: (O)$GetData$Hziii$Unexpected exception in gateway method '%hs'
                                                                • API String ID: 3440850012-735367811
                                                                • Opcode ID: 2b904bd259fc4c2772f441bcba5386f0dc1b9ec7aa9e4d7afb3a568509240ce0
                                                                • Instruction ID: 25ae83900dc26ee72f0ab6d3025617930a3d9f8d2fa2e43d07ca54afd6b93c9e
                                                                • Opcode Fuzzy Hash: 2b904bd259fc4c2772f441bcba5386f0dc1b9ec7aa9e4d7afb3a568509240ce0
                                                                • Instruction Fuzzy Hash: DA416323F08B4286EB148F65E8649B963A1FB49B84F444235EA7E877D8DF3CE544C740
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: DeallocErr_OccurredState_$BuildEnsureReleaseSizeValue_
                                                                • String ID: (O)$GetDataHere$Hziii$Unexpected exception in gateway method '%hs'
                                                                • API String ID: 550266369-215289106
                                                                • Opcode ID: 344525860a8efdee3a6b5236a9cf78e77d2f3824cee062aad269b054e0bb97e6
                                                                • Instruction ID: 820e5a4eb6cb711cc5873a9d2fc7c2f723b10db12ce4e3fa51daf7d80d2fc521
                                                                • Opcode Fuzzy Hash: 344525860a8efdee3a6b5236a9cf78e77d2f3824cee062aad269b054e0bb97e6
                                                                • Instruction Fuzzy Hash: C2416023F08B4281FB108F65E8609B963A0FF89B88B455235EA7E57398EF3CE544C340
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Err_Eval_Object_StringThread$Arg_FreeParseRestoreSaveSizeTuple_U_object@@
                                                                • String ID: AuthInfo is not yet supported$OkkOkkOk:SetBlanket$The Python object is invalid
                                                                • API String ID: 883594773-389163502
                                                                • Opcode ID: 59ae22d1a949c2def6ced4da163c90e10ea84dc5262639da2de64cc37d63748e
                                                                • Instruction ID: 98fe5a56c1f122968980775c66966f04f63480fa454aac4516c8e7369733b388
                                                                • Opcode Fuzzy Hash: 59ae22d1a949c2def6ced4da163c90e10ea84dc5262639da2de64cc37d63748e
                                                                • Instruction Fuzzy Hash: C151DB76B08B8681DB60CB55F560B6A73A1FB84794F404236DABD43BA8DF3CE549CB00
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: DeallocState_$BuildEnsureErr_LongLong_OccurredReleaseSizeValue_
                                                                • String ID: DragOver$Unexpected exception in gateway method '%hs'$lOl
                                                                • API String ID: 912051648-1809170965
                                                                • Opcode ID: 05a748f80d474e03116386117d2cb14ee0bfb7bc17e63ec019895afe36e413e8
                                                                • Instruction ID: fa0f41b144337789fd172bde817a5ed4030b31b841af388eaff5473ed1ec7ace
                                                                • Opcode Fuzzy Hash: 05a748f80d474e03116386117d2cb14ee0bfb7bc17e63ec019895afe36e413e8
                                                                • Instruction Fuzzy Hash: 47317037F0978286EB109F16A864AA963A0FB49B94F444239DE7D437D8EF7CE449C700
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$BuildD@@@DeallocErr_ErrorFromInfoObject_SizeStringU_object@@Value_
                                                                • String ID: Oiiiii$The Python object is invalid
                                                                • API String ID: 2432357615-2154538676
                                                                • Opcode ID: 61e9d7fe68099b65099f7bcf6628007266a0a512cb8bc64397bc840ad2f25c4f
                                                                • Instruction ID: 54f6ff9fca74264ba230fb59cf2df33ffd96052dfeeb18496b803d0cdfe84e28
                                                                • Opcode Fuzzy Hash: 61e9d7fe68099b65099f7bcf6628007266a0a512cb8bc64397bc840ad2f25c4f
                                                                • Instruction Fuzzy Hash: 6D313B76F09B4A82DB549F12E924869B3A1FB44BC0B444236DE7E13B98DF7CE445C700
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: The Python object is invalid$i:Stat
                                                                • API String ID: 1450464846-3320208998
                                                                • Opcode ID: 98bf498854c997b4b816059b26036fcf2db6e44359658e2718f88e87d9bc8bc7
                                                                • Instruction ID: 72d0cdc35a81f7e745e6ba282a2ba95c698a6c7082af7f1f10a88221b5e86b36
                                                                • Opcode Fuzzy Hash: 98bf498854c997b4b816059b26036fcf2db6e44359658e2718f88e87d9bc8bc7
                                                                • Instruction Fuzzy Hash: 42311E26F09A9281EB64DB25E934BB963A1BF44B80F444632D97E877ECDF2CE505C700
                                                                APIs
                                                                Strings
                                                                • The type does not declare a PyCom constructor, xrefs: 00007FFDFF1E2D55
                                                                • There is no interface object registered that supports this IID, xrefs: 00007FFDFF1E2D23
                                                                • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFF1E2D40
                                                                Similarity
                                                                • API ID: ClearErr_Object_$D@@@DeallocDict_FromItemStringSubclassU_object@@Variant
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 592232323-49823770
                                                                • Opcode ID: cdda7d173e3e8aebcbefa94798602c3c27f3f45f6b823e39a1e567718177ecdf
                                                                • Instruction ID: d94c090bf61b56f6c9e5248a40ff122428019bfaded3bc47c158c4201649b783
                                                                • Opcode Fuzzy Hash: cdda7d173e3e8aebcbefa94798602c3c27f3f45f6b823e39a1e567718177ecdf
                                                                • Instruction Fuzzy Hash: A321F427F09A9681EB259B16E874A7823A0BF48B94F484235CA7E477ECDF6CF545D300
                                                                APIs
                                                                Strings
                                                                • The type does not declare a PyCom constructor, xrefs: 00007FFDFF1E2D55
                                                                • There is no interface object registered that supports this IID, xrefs: 00007FFDFF1E2D23
                                                                • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFF1E2D40
                                                                Similarity
                                                                • API ID: Object_$ClearD@@@DeallocDict_Err_FromItemStringSubclassU_object@@Variant
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 4055360134-49823770
                                                                • Opcode ID: 5ba1b7daed0b95a0f2ba8a80e6d7a1391fc012038c9f3dd57f8ad92bdfdb6d6e
                                                                • Instruction ID: dd73c82f6656f1c402a2d089fac8594f8ec2ce1f5df7fbcff23c8a9ffa53c929
                                                                • Opcode Fuzzy Hash: 5ba1b7daed0b95a0f2ba8a80e6d7a1391fc012038c9f3dd57f8ad92bdfdb6d6e
                                                                • Instruction Fuzzy Hash: A5210527F08A8680EB249B16E874AB82361BB48B84F444236C93E476ECDF6CF544D300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadTuple_$Arg_ClearErr_FreeObject_ParsePropRestoreSaveSizeStringVariantfree
                                                                • String ID: O:ReadMultiple$The Python object is invalid
                                                                • API String ID: 1616768150-3093747771
                                                                • Opcode ID: b0ee19f04cd1c61e94cb3e43d8d1f0ae5c32fb5ea8cb7e2416148fe3033be0fa
                                                                • Instruction ID: 78326049f7db546a62567adc3838625e8b52c372638f7cff328c1846206978a8
                                                                • Opcode Fuzzy Hash: b0ee19f04cd1c61e94cb3e43d8d1f0ae5c32fb5ea8cb7e2416148fe3033be0fa
                                                                • Instruction Fuzzy Hash: 73514B33F18B8282EB54DB56A86096EA3A1FB84B90F444235DA7E53BD8DF7CE445C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Err_RestoreSaveString
                                                                • String ID: The Python object is invalid
                                                                • API String ID: 695671107-2445808733
                                                                • Opcode ID: e2d23a2bb8df7f0501f46bb530293294ee2ca301a478d6e18951f6bc9075d349
                                                                • Instruction ID: 78dbfeb0af22df47495928d5efcc096b9b5f5104db86a2781861afe236712247
                                                                • Opcode Fuzzy Hash: e2d23a2bb8df7f0501f46bb530293294ee2ca301a478d6e18951f6bc9075d349
                                                                • Instruction Fuzzy Hash: E5510777B09A5186D794CF26E55096C73B0FB48B84B145236DB6D83B98EF3CE4A1C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$Arg_EnsureErr_OccurredParse_ReleaseSize
                                                                • String ID: <unknown>$Clone$Unexpected exception in gateway method '%hs'
                                                                • API String ID: 2532563894-160319612
                                                                • Opcode ID: 554862d6207c9de2c1b9be3f4edb8a0bc1a89008d35489e176d625ccdeaaef36
                                                                • Instruction ID: d792c86d69030a3e21c2b518534bd0db3dde2af2cd26586ec7ab451275638d4d
                                                                • Opcode Fuzzy Hash: 554862d6207c9de2c1b9be3f4edb8a0bc1a89008d35489e176d625ccdeaaef36
                                                                • Instruction Fuzzy Hash: A6313222F08B4781EB509B15E970AB96360BF49B94F444236DA7D476EDDF2DE509C340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_OccurredState_$Arg_DeallocEnsureParse_ReleaseSize
                                                                • String ID: <unknown>$Stat$Unexpected exception in gateway method '%hs'
                                                                • API String ID: 1017089864-2095743813
                                                                • Opcode ID: e4078aae8f472a8fa1b29253f2d12f036ea12510ac0d87220ecbf4cc0fa9fbda
                                                                • Instruction ID: 4eb704d2fc4f39b82d4b2f95310cbe07e48aa80089db38a49ac38e2f5a819d3a
                                                                • Opcode Fuzzy Hash: e4078aae8f472a8fa1b29253f2d12f036ea12510ac0d87220ecbf4cc0fa9fbda
                                                                • Instruction Fuzzy Hash: C5316D23F08A4781EB549F26A8749B963A0BF49B94F444235EE7E876D8EF3CE005C340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Threadfree$Arg_ClearErr_ParseRestoreSaveSizeStringTuple_Variant
                                                                • String ID: The Python object is invalid$iO:AddFuncDesc
                                                                • API String ID: 2802101502-3613198281
                                                                • Opcode ID: 3da3523aabc99fd82de6d2b3fabb5ee55850a86d0eb88de3155a13ec74a15e26
                                                                • Instruction ID: 4d48a22fe35deebb93c1a6e78178cf84c2bdee466ed0949ce24003d98534dfe7
                                                                • Opcode Fuzzy Hash: 3da3523aabc99fd82de6d2b3fabb5ee55850a86d0eb88de3155a13ec74a15e26
                                                                • Instruction Fuzzy Hash: B7311867B08B46C1EB589F16E9609A97360FB84BC0F484236DA7E47798DF3DE442C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_State_$D@@@DeallocEnsureFormatObject_OccurredReleaseSequence_TupleU_object@@memset
                                                                • String ID: Next$Received %d items , but only %d items requested
                                                                • API String ID: 1415205953-38368155
                                                                • Opcode ID: 5e8090abda9d99de8eba38d6d7ca097b2406a66d93f1e10f4803d8754a3b30c4
                                                                • Instruction ID: ae2c0991cd206d814626ce1036ef6a7cfe47100ff8183855c4dae45bd6231538
                                                                • Opcode Fuzzy Hash: 5e8090abda9d99de8eba38d6d7ca097b2406a66d93f1e10f4803d8754a3b30c4
                                                                • Instruction Fuzzy Hash: B9316237F18A1682EB14DF26A8649A967A1FB84B84F414631DE7D836D8EF3CF405C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: O:DestroyElement$The Python object is invalid
                                                                • API String ID: 1450464846-3564787880
                                                                • Opcode ID: 86f7623ad80d1b70ec385cc675e6b10fdc1c4e465418957eef957e95e50e9caa
                                                                • Instruction ID: 3c362018531da9299933cc3a4dce826e8fdbc965bc4d842fdbeba0ca90052025
                                                                • Opcode Fuzzy Hash: 86f7623ad80d1b70ec385cc675e6b10fdc1c4e465418957eef957e95e50e9caa
                                                                • Instruction Fuzzy Hash: B5312C67F08B8681EB50DB56F96096A63A0FB88BD4B444232DE7E437ADDF6CE444C740
                                                                APIs
                                                                Strings
                                                                • The type does not declare a PyCom constructor, xrefs: 00007FFDFF1D2F49
                                                                • There is no interface object registered that supports this IID, xrefs: 00007FFDFF1D2F00
                                                                • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFF1D2F34
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_$ClearD@@@DeallocDict_FromItemObject_StringU_object@@
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 1220624143-49823770
                                                                • Opcode ID: 86653811a31f9f751365bed8a44e6793217512adf8bbc58a8682d1af57e14bea
                                                                • Instruction ID: caf4193d648ddc7787ff9328b1726e27bc309dab800e59c51c356c12a329aa07
                                                                • Opcode Fuzzy Hash: 86653811a31f9f751365bed8a44e6793217512adf8bbc58a8682d1af57e14bea
                                                                • Instruction Fuzzy Hash: F621C722F09B8681EB599B16E960A7C63A1BF49B84B944636CA3E477DCDF6CF405C300
                                                                APIs
                                                                Strings
                                                                • The type does not declare a PyCom constructor, xrefs: 00007FFDFF1E0F37
                                                                • There is no interface object registered that supports this IID, xrefs: 00007FFDFF1E0F0F
                                                                • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFF1E0EA2
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Object_$D@@@DeallocDict_Err_FromItemStringSubclassU_object@@
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                • API String ID: 3263611697-49823770
                                                                • Opcode ID: 32271dc9f013cd54dfcdd218572c74e4d65443e9a3685624f022af108e227be9
                                                                • Instruction ID: 8bbb61353908cc5ff9fbac9a08038250bbc98e09f53881d4543b893aebfe6958
                                                                • Opcode Fuzzy Hash: 32271dc9f013cd54dfcdd218572c74e4d65443e9a3685624f022af108e227be9
                                                                • Instruction Fuzzy Hash: C021A566F0DA4686EB589B16E9709B863A1BF44B84B484231DE3E477ECEF2CF515C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: -$:$f$p$p
                                                                • API String ID: 3215553584-2013873522
                                                                • Opcode ID: 56519bff4440c9db1085a76ccf4a032d998a7c787b27cd0bdd7cdefd46c8a644
                                                                • Instruction ID: ba2a6b3555b91f7e4e1b0cde7098d7f34a186c03e62ded7e6196f2b102ebd06e
                                                                • Opcode Fuzzy Hash: 56519bff4440c9db1085a76ccf4a032d998a7c787b27cd0bdd7cdefd46c8a644
                                                                • Instruction Fuzzy Hash: 8F128262B08143A7FB24BE16D99427BE6B1EF42754FC48137D68A477E4DB3CE4908B60
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: f$f$p$p$f
                                                                • API String ID: 3215553584-1325933183
                                                                • Opcode ID: 2761c62bb11862c53203c4a1c44b9eb9fed40e0afa0247b40f2c3f0b102f2d4b
                                                                • Instruction ID: 8f3fc297be36ef49c9d3e0fc28976a99b29e7285c48c433dab136f28c5acb5aa
                                                                • Opcode Fuzzy Hash: 2761c62bb11862c53203c4a1c44b9eb9fed40e0afa0247b40f2c3f0b102f2d4b
                                                                • Instruction Fuzzy Hash: 33125222A0C157A5FB707E1698986BBF251EF40754FD8413BE689876C4DFBCE5C18B20
                                                                APIs
                                                                • GetTempPathW.KERNEL32(?,00000000,FFFFFFFF,00007FF704C02AA6), ref: 00007FF704C06FC4
                                                                • GetCurrentProcessId.KERNEL32(?,00000000,FFFFFFFF,00007FF704C02AA6), ref: 00007FF704C06FCA
                                                                • CreateDirectoryW.KERNEL32(?,00000000,FFFFFFFF,00007FF704C02AA6), ref: 00007FF704C0700C
                                                                  • Part of subcall function 00007FF704C070F0: GetEnvironmentVariableW.KERNEL32(00007FF704C029B0), ref: 00007FF704C07127
                                                                  • Part of subcall function 00007FF704C070F0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF704C07149
                                                                  • Part of subcall function 00007FF704C18284: _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C1829D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Similarity
                                                                • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                • API String ID: 365913792-1339014028
                                                                • Opcode ID: a5410a9a33c0738165309a09f3843d88f4e29e7ae59a9d7489423f02aa7b0406
                                                                • Instruction ID: c46e468be82cd273c4595729e213b6dcaca37e72374b50ee1d79b9e62b1af8a9
                                                                • Opcode Fuzzy Hash: a5410a9a33c0738165309a09f3843d88f4e29e7ae59a9d7489423f02aa7b0406
                                                                • Instruction Fuzzy Hash: 6741A021B1964361EA64FF679DD82BBD251AF45784FC41133ED0D877A6EF3CE5008220
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2050909247-3659356012
                                                                • Opcode ID: 8781d6170cad2be08d3ddb48edaec2f1bc49bd4b17824aef8fdd88576ec4b60b
                                                                • Instruction ID: b03151d47f271da098da31fb97b2a640287b43982f595b15711d9251ec18f260
                                                                • Opcode Fuzzy Hash: 8781d6170cad2be08d3ddb48edaec2f1bc49bd4b17824aef8fdd88576ec4b60b
                                                                • Instruction Fuzzy Hash: 09418F25A08642A2EA18BF13AD842BBE3A1BF05BC4FC84433ED4D87792DF7DE1048350
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Similarity
                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                • String ID: CreateProcessW$Failed to create child process!
                                                                • API String ID: 2895956056-699529898
                                                                • Opcode ID: ca2372baf2d8f4dd250c5c8e9e09b2c8f3e265623af2668934e9e1f2c31000e5
                                                                • Instruction ID: 23d45222ab4f2b0813a48f1ab98516d4fd553f76951033210846fa97759b2722
                                                                • Opcode Fuzzy Hash: ca2372baf2d8f4dd250c5c8e9e09b2c8f3e265623af2668934e9e1f2c31000e5
                                                                • Instruction Fuzzy Hash: 76413331A0878291EA20AF65E8852AFF3A0FF89364F900736E6AD477D5DF7CD0448B50
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$StringTuple_$Err_ErrorFreeFromInfoItemObject_U_object@@
                                                                • String ID: The Python object is invalid
                                                                • API String ID: 2733690662-2445808733
                                                                • Opcode ID: bb0a81fa1142c79ee449644e618744eec2743a922824860cc741655456d5e8d6
                                                                • Instruction ID: 6fc32e021f361a3aa32bb15760e782c5fc7ecad702b87be63fbb945e57802508
                                                                • Opcode Fuzzy Hash: bb0a81fa1142c79ee449644e618744eec2743a922824860cc741655456d5e8d6
                                                                • Instruction Fuzzy Hash: 54313023F18B4686E764AB11E864A6973A0FB84B81F444636DABE5379CDF3CE506C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Object_R@@@ThreadU_object@@$Arg_Err_ParseRestoreSaveSizeStringTuple_
                                                                • String ID: OOi:UnlockRegion$The Python object is invalid
                                                                • API String ID: 2910315080-3240793423
                                                                • Opcode ID: f6ebb5f1967906c07757bb289af74eee51ff87eed160c8c3c5fcc019a45f8a7a
                                                                • Instruction ID: 2f3bb5c2ee1ec208402148d76d055ca85c40677bc7d2205ed4f3b815b1bc8082
                                                                • Opcode Fuzzy Hash: f6ebb5f1967906c07757bb289af74eee51ff87eed160c8c3c5fcc019a45f8a7a
                                                                • Instruction Fuzzy Hash: 64314F67F08B8682EB15DB16E9609AA6361FF84BC4F444232DE7D877A8DF2CE445C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$Arg_Err_ErrorFreeInfoMem_Object_ParseSizeStringTuple_U_object@@
                                                                • String ID: O|l:Load$The Python object is invalid
                                                                • API String ID: 3970834760-285620835
                                                                • Opcode ID: b2fba2d36dcf89f2e5887b5795fdf6289a1960e52d34d847c854d6d15a3002b8
                                                                • Instruction ID: a7c3b2a7b7cc256a67d72e9d325c899f267262ae09c30216600a6f7fa19e82bf
                                                                • Opcode Fuzzy Hash: b2fba2d36dcf89f2e5887b5795fdf6289a1960e52d34d847c854d6d15a3002b8
                                                                • Instruction Fuzzy Hash: C1311A27F08B8681EB109F56E9609AA6362FB48FD4B444236DE7E43798CF7DE414C741
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Object_R@@@ThreadU_object@@$Arg_Err_FromParseRestoreSaveSizeStringTuple_
                                                                • String ID: OO:CopyTo$The Python object is invalid
                                                                • API String ID: 1535466833-3963427383
                                                                • Opcode ID: 88fe824926260227f935698c1073988be75cbe76b4b4f91df1a4218e759eb27f
                                                                • Instruction ID: 0f41128f65a610ae62b11feda53603ae18dbb4ec66db42132fae0d02dc82dfbd
                                                                • Opcode Fuzzy Hash: 88fe824926260227f935698c1073988be75cbe76b4b4f91df1a4218e759eb27f
                                                                • Instruction Fuzzy Hash: DC212D27F08B8281EB55CB12F92496AA361FF84BD0B444232DA7E47BACDF2CE545C740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_Eval_StringThread$Arg_D@@@FromObject_ParseRestoreSaveSizeTuple_U_object@@
                                                                • String ID: :GetConnectionInterface$The Python object is invalid
                                                                • API String ID: 1196663937-258588504
                                                                • Opcode ID: 6527d4577d78843e64f0849682c05bcbadebf558d834cd7eacfcabd342854f36
                                                                • Instruction ID: a874bad4f74ca69ab730f8ec2f38f92e540024c50c13f74422deac90ac5f299c
                                                                • Opcode Fuzzy Hash: 6527d4577d78843e64f0849682c05bcbadebf558d834cd7eacfcabd342854f36
                                                                • Instruction Fuzzy Hash: 43212B66F18A46C2EB549B16E86497923A1BF48B80B444336DE7E877ECDF2CE404D340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: DeallocFromObject_R@@@State_U_object@@$EnsureRelease
                                                                • String ID: LockRegion$OOi
                                                                • API String ID: 3423895773-417432063
                                                                • Opcode ID: 09b414c2b2f3f0c82c46a5bccad4b47ac643fb128a4c1483ed87ad62fdb08f3d
                                                                • Instruction ID: c61a6ba95b25ed5c5c6badce478b02806559545181c4e293a0f9e4eca9888686
                                                                • Opcode Fuzzy Hash: 09b414c2b2f3f0c82c46a5bccad4b47ac643fb128a4c1483ed87ad62fdb08f3d
                                                                • Instruction Fuzzy Hash: 35111A37F08B52C6E7109F25B86886A73A4FB94B94F044231EEAD02B98DF3CE545C700
                                                                APIs
                                                                Strings
                                                                • There is no interface object registered that supports this IID, xrefs: 00007FFDFF1D2F00
                                                                • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFF1D2F34
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Object_$D@@@DeallocDict_Err_FromItemStringSubclassU_object@@
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$There is no interface object registered that supports this IID
                                                                • API String ID: 3263611697-2203674046
                                                                • Opcode ID: 5afe13642a5d6dbe387d514d0ca1c68f0ed66cf58900d515816d777b132c53cf
                                                                • Instruction ID: 9ae09e0fd331997d778387b47db596a8be4c640514266ec02ce8164b220af33f
                                                                • Opcode Fuzzy Hash: 5afe13642a5d6dbe387d514d0ca1c68f0ed66cf58900d515816d777b132c53cf
                                                                • Instruction Fuzzy Hash: 1811E427F09A8681EB199B16E96093963B0BF48B84B944636C93E477ECDF6CF405C300
                                                                APIs
                                                                Strings
                                                                • There is no interface object registered that supports this IID, xrefs: 00007FFDFF1E0F0F
                                                                • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFDFF1E0EA2
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_$ClearD@@@DeallocDict_FromItemObject_StringU_object@@
                                                                • String ID: The Python IID map is invalid - the value is not an interface type object$There is no interface object registered that supports this IID
                                                                • API String ID: 1220624143-2203674046
                                                                • Opcode ID: a51b97966d41a5db99c193137284ff8c9a800c182477b1ca6fb283ba1c6b0638
                                                                • Instruction ID: e1775de3869108120d1f56f7df7081d5e44af4ecb5d179b347c5aee3c6a84c20
                                                                • Opcode Fuzzy Hash: a51b97966d41a5db99c193137284ff8c9a800c182477b1ca6fb283ba1c6b0638
                                                                • Instruction Fuzzy Hash: CB11D266F0DA4682EB589B16E97097823A0BF44B84B484631DE3E477ECDF2CF425C300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 849930591-393685449
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF704C1F426,?,?,-00000018,00007FF704C1AD6B,?,?,?,00007FF704C1AC62,?,?,?,00007FF704C1600E), ref: 00007FF704C1F208
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF704C1F426,?,?,-00000018,00007FF704C1AD6B,?,?,?,00007FF704C1AC62,?,?,?,00007FF704C1600E), ref: 00007FF704C1F214
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3013587201-537541572
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: :Stat$The Python object is invalid
                                                                • API String ID: 1450464846-132720185
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_D@@@Err_Object_ParseRestoreSaveSizeStringTuple_U_object@@
                                                                • String ID: O:Delete$The Python object is invalid
                                                                • API String ID: 365812762-1497512779
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: The Python object is invalid$il:SetVarHelpContext
                                                                • API String ID: 1450464846-517178784
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: The Python object is invalid$il:SetFuncHelpContext
                                                                • API String ID: 1450464846-1720986224
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_D@@@Err_Object_ParseRestoreSaveSizeStringTuple_U_object@@
                                                                • String ID: O:SetClass$The Python object is invalid
                                                                • API String ID: 365812762-2760525490
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Bstr@@Err_Object_ParseRestoreSaveSizeStringTuple_U_object@@
                                                                • String ID: The Python object is invalid$iO:SetMops
                                                                • API String ID: 4081882569-2463906735
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: The Python object is invalid$l:GiveFeedback
                                                                • API String ID: 1450464846-1070563181
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: The Python object is invalid$i:SetLibFlags
                                                                • API String ID: 1450464846-2322495625
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorEval_InfoStringThread$AllocCreateFreeRestoreSave
                                                                • String ID: Next() did not return a sequence of objects
                                                                • API String ID: 607810321-4290923070
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Object_R@@@ThreadU_object@@$Arg_Err_FromParseRestoreSaveSizeStringTuple_
                                                                • String ID: The Python object is invalid
                                                                • API String ID: 1535466833-2445808733
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: D@@@Eval_Object_ThreadU_object@@$Arg_ClassParseRestoreSaveSizeTreatTuple_
                                                                • String ID: O|O
                                                                • API String ID: 2891899613-3782113556
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: :Revert$The Python object is invalid
                                                                • API String ID: 1450464846-2634774199
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: :SaveAllChanges$The Python object is invalid
                                                                • API String ID: 1450464846-2045194468
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_D@@@Err_FromObject_ParseRestoreSaveSizeStringTuple_U_object@@
                                                                • String ID: :GetClassID$The Python object is invalid
                                                                • API String ID: 965085020-1385833364
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_$Capsule_MemoryPointerStringmalloc
                                                                • String ID: GJS $argument does not contain a vtable$win32com universal gateway
                                                                • API String ID: 1948829242-3190988141
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_SizeThread$Arg_BuildErr_ParseRestoreSaveStringTuple_Value_
                                                                • String ID: :GetTypeInfoCount$The Python object is invalid
                                                                • API String ID: 114827214-3869267128
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: :IsDirty$The Python object is invalid
                                                                • API String ID: 1450464846-2698278726
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: BufferView@@memcpy$U_object@@_
                                                                • String ID:
                                                                • API String ID: 3560831753-0
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C42D
                                                                • GetLastError.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C43B
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C465
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C4D3
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF704C0C65A,?,?,?,00007FF704C0C34C,?,?,?,00007FF704C0BF49), ref: 00007FF704C0C4DF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                • String ID: api-ms-
                                                                • API String ID: 2559590344-2084034818
                                                                APIs
                                                                • PyGILState_Ensure.PYTHON312 ref: 00007FFDFF1B4F3C
                                                                  • Part of subcall function 00007FFDFF195100: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF195158
                                                                  • Part of subcall function 00007FFDFF195100: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF195167
                                                                  • Part of subcall function 00007FFDFF195100: ?PyWinObject_FromBstr@@YAPEAU_object@@QEA_WH@Z.PYWINTYPES312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF195176
                                                                  • Part of subcall function 00007FFDFF195100: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF1951A2
                                                                  • Part of subcall function 00007FFDFF195100: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF1951BA
                                                                  • Part of subcall function 00007FFDFF195100: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF1951CE
                                                                  • Part of subcall function 00007FFDFF195100: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFF194FDC), ref: 00007FFDFF1951E2
                                                                • ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES312 ref: 00007FFDFF1B4F78
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FFDFF1B4FB6
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FFDFF1B4FCA
                                                                • PyGILState_Release.PYTHON312 ref: 00007FFDFF1B4FD3
                                                                  • Part of subcall function 00007FFDFF1941E0: PyErr_Occurred.PYTHON312 ref: 00007FFDFF1941E9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$FromObject_U_object@@$Bstr@@$State_$BuildEnsureErr_OccurredReleaseSizeValue_
                                                                • String ID: AddError
                                                                • API String ID: 2290194165-917986504
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSave$Err_ErrorInfoString
                                                                • String ID: The Python object is invalid
                                                                • API String ID: 2392350090-2445808733
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                • String ID:
                                                                • API String ID: 995526605-0
                                                                • Opcode ID: c7671fb5202d01f39c05a73c162c5963abba7d6893b90cd050d4154e3befed82
                                                                • Instruction ID: 9e1930398a997ca537d1ae51d3e84bfad7a1d4b9351e2940d0e0ad8e8d286a43
                                                                • Opcode Fuzzy Hash: c7671fb5202d01f39c05a73c162c5963abba7d6893b90cd050d4154e3befed82
                                                                • Instruction Fuzzy Hash: BC212131B0CB4251EB50AF56E9C462FE3A1EF857A0F900636D66D83AE4DFACE4558720
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: 2245fb37e835f0222bc3a92d8d43c496d79132c05d1bd3e824809b87f5ed101d
                                                                • Instruction ID: 8fdcef8045af8c86f5474120eb4ccbdbad5e7c69bb9a01b6a1686004ff518105
                                                                • Opcode Fuzzy Hash: 2245fb37e835f0222bc3a92d8d43c496d79132c05d1bd3e824809b87f5ed101d
                                                                • Instruction Fuzzy Hash: 44215E24E0D64261F914BB63AED113FD1625F467E0FD0063AE92E467E6EF2CB8008A20
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_Object_ParseR@@@RestoreSaveSizeStringTuple_U_object@@
                                                                • String ID: The Python object is invalid
                                                                • API String ID: 2648371125-2445808733
                                                                • Opcode ID: 49f07f9c3ff6efdfd11388ead3f15818c6b5915e32fb0b7fc6785e4817e5914e
                                                                • Instruction ID: bdbcf9c4ae32de0e74fa0e58a5f93052dc82724d33238b72794d4c5edefff928
                                                                • Opcode Fuzzy Hash: 49f07f9c3ff6efdfd11388ead3f15818c6b5915e32fb0b7fc6785e4817e5914e
                                                                • Instruction Fuzzy Hash: 3C214527F08A4281EB549B16FA6086963B0FF84BD0B441232DE7E47BACDF2CE4818340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$ClearDeallocEnsureErr_Object_R@@@ReleaseU_object@@
                                                                • String ID: GetSizeMax
                                                                • API String ID: 1322101601-2032451762
                                                                • Opcode ID: 88ec58d0031f6003993fafed71db992f7e60ee3c9c28d79ecdb4728e661cf59e
                                                                • Instruction ID: 818e66c702ecd87d7252158360e87d3d25e93286ea415d3932aa92dbed0e53ab
                                                                • Opcode Fuzzy Hash: 88ec58d0031f6003993fafed71db992f7e60ee3c9c28d79ecdb4728e661cf59e
                                                                • Instruction Fuzzy Hash: A7215077F08B4682EB109B25E964A6A63A1FB88BD4F454231DA6D47798DF2DE504CB00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$ClearDeallocEnsureErr_Object_R@@@ReleaseU_object@@
                                                                • String ID: GetSizeMax
                                                                • API String ID: 1322101601-2032451762
                                                                • Opcode ID: a1d25f0b5fb3db0a61d4d0756be87e5c851f42ec00f1db220ec2766cf7b34ada
                                                                • Instruction ID: fdbe7a5bef91efc58ee5c28a16f911a577c54311ac8836dcad35a01708f54fcd
                                                                • Opcode Fuzzy Hash: a1d25f0b5fb3db0a61d4d0756be87e5c851f42ec00f1db220ec2766cf7b34ada
                                                                • Instruction Fuzzy Hash: C7213077F08B4682EB109B26E864A6963A1FB89BD8F454231DA6D4779CDF2DE504C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_
                                                                • String ID: The Python object is invalid$|l:Commit
                                                                • API String ID: 350333814-2642149698
                                                                • Opcode ID: 5d22df0ccbe5d1d4f8bb3484f66db9876e88d5918f47288ecbd3bfbadf258c60
                                                                • Instruction ID: 82d78f60a93f81bfc6c04a946e152d368c15fc566dae023c1254f67f225dc561
                                                                • Opcode Fuzzy Hash: 5d22df0ccbe5d1d4f8bb3484f66db9876e88d5918f47288ecbd3bfbadf258c60
                                                                • Instruction Fuzzy Hash: 92113E27F08A4182EB459B16FA6496A6371FF44BC0B445232DE7E477ACCF2DE4858740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_
                                                                • String ID: The Python object is invalid$l:Skip
                                                                • API String ID: 350333814-1306879369
                                                                • Opcode ID: a7df10189117aafa1e547c8dd2db9dc2e540710e0a351528aa92b2c273ba58df
                                                                • Instruction ID: 874e45bbbf853351cca6e5b916d7edb3b13254c008b2541884605e34b9601a0c
                                                                • Opcode Fuzzy Hash: a7df10189117aafa1e547c8dd2db9dc2e540710e0a351528aa92b2c273ba58df
                                                                • Instruction Fuzzy Hash: 0E115E27F08A4282EB559B16FA6487963A1FB48BD0B445232DE7E537ACCF2CE455C700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_
                                                                • String ID: The Python object is invalid$l:Skip
                                                                • API String ID: 350333814-1306879369
                                                                • Opcode ID: d8b10eb10940a94e4a81de95155d9add753e187e750bade74c4399c22415b8f0
                                                                • Instruction ID: c1d11031ceefe9babd78377e7ca916e2b652adaae91a019f3bcbe2b222567cd9
                                                                • Opcode Fuzzy Hash: d8b10eb10940a94e4a81de95155d9add753e187e750bade74c4399c22415b8f0
                                                                • Instruction Fuzzy Hash: F3110D27F08A4681EB499B66FA64CA963B2BF88BD0B445236CD3D43798DF2CE4548200
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_
                                                                • String ID: The Python object is invalid$l:Skip
                                                                • API String ID: 350333814-1306879369
                                                                • Opcode ID: 8e0243c8b702d848df40db2088b130bd274d744bfdda1a56e6438a24b5ecbfa7
                                                                • Instruction ID: 9379421cf870bc89840cc932c1d50222dc741c149934beb08d309fc700216fb0
                                                                • Opcode Fuzzy Hash: 8e0243c8b702d848df40db2088b130bd274d744bfdda1a56e6438a24b5ecbfa7
                                                                • Instruction Fuzzy Hash: 81112127F08A4281EB459B56FAA48B963A2BF88BD0B545236CD3D4379CDF3CE455D300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                • String ID: CONOUT$
                                                                • API String ID: 3230265001-3130406586
                                                                • Opcode ID: 75dcc73177df9c890c20c0009d1351a96d786b6ac8a09940c58dca2f02eba5de
                                                                • Instruction ID: 579f699f6f6b65c6d8b412ff3ada8aacdcdbdd18c6e5db11c986f5f0cd2479e2
                                                                • Opcode Fuzzy Hash: 75dcc73177df9c890c20c0009d1351a96d786b6ac8a09940c58dca2f02eba5de
                                                                • Instruction Fuzzy Hash: 0D118E21A18A4196E750AF47ED8532AA3A0FF88FE4F844236EA1D977A4CFBCD404C750
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_
                                                                • String ID: :Reset$The Python object is invalid
                                                                • API String ID: 350333814-3082310266
                                                                • Opcode ID: 21fdcb016917474e64c4cacccdc5f8e623aae561ec8c642ac483e243aaf1bbb2
                                                                • Instruction ID: 55966ebb1bd79981ee7e2207d60774e7e33f0c6ddb56388a2bd95d2fca0bf770
                                                                • Opcode Fuzzy Hash: 21fdcb016917474e64c4cacccdc5f8e623aae561ec8c642ac483e243aaf1bbb2
                                                                • Instruction Fuzzy Hash: 5F111F67F08A4281EB599B16EA64D7963B2BF48BD0B445236C93E477ECDF2CE494C340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_Err_ParseRestoreSaveSizeStringTuple_
                                                                • String ID: :Reset$The Python object is invalid
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Thread$Eval_GlobalLock@@UninitializeWin_$AcquireCurrentReleaseRestoreSave
                                                                • String ID:
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF704C02C4F), ref: 00007FF704C074FD
                                                                • K32EnumProcessModules.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C0755A
                                                                  • Part of subcall function 00007FF704C07AA0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF704C031F4,00000000,00007FF704C01905), ref: 00007FF704C07AD9
                                                                • K32GetModuleFileNameExW.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C075E5
                                                                • K32GetModuleFileNameExW.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C07644
                                                                • FreeLibrary.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C07655
                                                                • FreeLibrary.KERNEL32(?,00007FF704C02C4F), ref: 00007FF704C0766A
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 00007FF704C06DD0: GetCurrentProcess.KERNEL32 ref: 00007FF704C06DF0
                                                                  • Part of subcall function 00007FF704C06DD0: OpenProcessToken.ADVAPI32 ref: 00007FF704C06E03
                                                                  • Part of subcall function 00007FF704C06DD0: GetTokenInformation.ADVAPI32 ref: 00007FF704C06E28
                                                                  • Part of subcall function 00007FF704C06DD0: GetLastError.KERNEL32 ref: 00007FF704C06E32
                                                                  • Part of subcall function 00007FF704C06DD0: GetTokenInformation.ADVAPI32 ref: 00007FF704C06E72
                                                                  • Part of subcall function 00007FF704C06DD0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF704C06E8E
                                                                  • Part of subcall function 00007FF704C06DD0: CloseHandle.KERNEL32 ref: 00007FF704C06EA6
                                                                • LocalFree.KERNEL32(00000000,00007FF704C02A89), ref: 00007FF704C077BC
                                                                • LocalFree.KERNEL32 ref: 00007FF704C077C5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Similarity
                                                                • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B2E7
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B31D
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B34A
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B35B
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B36C
                                                                • SetLastError.KERNEL32(?,?,?,00007FF704C1B5A1,?,?,?,?,00007FF704C1A4A2,?,?,?,?,00007FF704C171DB), ref: 00007FF704C1B387
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                APIs
                                                                • SafeArrayGetDim.OLEAUT32 ref: 00007FFDFF1E3F01
                                                                  • Part of subcall function 00007FFDFF1E3C90: SafeArrayGetLBound.OLEAUT32 ref: 00007FFDFF1E3CB3
                                                                • ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES312(?,?,?,?,00000000,00007FFDFF1E2ADE), ref: 00007FFDFF1E3F69
                                                                • PyErr_SetObject.PYTHON312(?,?,?,?,00000000,00007FFDFF1E2ADE), ref: 00007FFDFF1E3F84
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,00000000,00007FFDFF1E2ADE), ref: 00007FFDFF1E3F93
                                                                Strings
                                                                • Internal error - unexpected argument - only simple VARIANTTYPE expected, xrefs: 00007FFDFF1E3F62
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: ArraySafe$BoundDeallocErr_FromObjectObject_U_object@@
                                                                • String ID: Internal error - unexpected argument - only simple VARIANTTYPE expected
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: State_$DeallocEnsureLongLong_Release
                                                                • String ID: QueryContinueDrag
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Tuple_$Item$BuildSizeValue_$Dealloc
                                                                • String ID: (ii)
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: State_$DeallocEnsureLongLong_Release
                                                                • String ID: GiveFeedback
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_ClassObjectParseRestoreRevokeSaveSizeTuple_
                                                                • String ID: i:CoRevokeClassObject
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: State_$DeallocEnsureLongLong_Release
                                                                • String ID: IsDirty
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_ClipboardFlushParseRestoreSaveSizeTuple_
                                                                • String ID: :OleFlushClipboard
                                                                • API String ID: 1083145762-2909607431
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$D@@@DeallocEnsureFromObject_ReleaseU_object@@
                                                                • String ID: SetClass
                                                                • API String ID: 4196910675-488556127
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_ClassObjectsParseRestoreResumeSaveSizeTuple_
                                                                • String ID: :CoResumeClassObjects
                                                                • API String ID: 2642248414-995057619
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_FreeLibrariesParseRestoreSaveSizeTuple_Unused
                                                                • String ID: :CoFreeUnusedLibraries
                                                                • API String ID: 2765692386-3018881912
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: free$ClearErr_LongLong_MemoryVariantmalloc
                                                                • String ID:
                                                                • API String ID: 2176891292-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_SaveThread$ClearDeallocFreeStringVariant
                                                                • String ID:
                                                                • API String ID: 3546613564-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _set_statfp
                                                                • String ID:
                                                                • API String ID: 1156100317-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: U_object@@$AllocD@@@DeallocErr_MemoryObject_Sequence_TaskTuple@@
                                                                • String ID:
                                                                • API String ID: 806334198-0
                                                                APIs
                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B3BF
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B3DE
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B406
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B417
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF704C1A5F7,?,?,00000000,00007FF704C1A892,?,?,?,?,?,00007FF704C1A81E), ref: 00007FF704C1B428
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Long$Long_$DeallocErr_Number_OccurredUnsigned
                                                                • String ID:
                                                                • API String ID: 3673791007-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: verbose
                                                                • API String ID: 3215553584-579935070
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                • API String ID: 3215553584-1196891531
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 2395640692-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 3544855599-2084237596
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3896166516-3733052814
                                                                APIs
                                                                • CreateDirectoryW.KERNEL32(00000000,?,00007FF704C0240C,?,?,00007FF704C02BD3), ref: 00007FF704C068C2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CreateDirectory
                                                                • String ID: %.*s$%s%c$\
                                                                • API String ID: 4241100979-1685191245
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFormatLastMessage
                                                                • String ID: %ls: %ls$<FormatMessageW failed.>
                                                                • API String ID: 3479602957-1483686772
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Arg_ParseRestoreSaveSizeTuple_
                                                                • String ID: l:CoInitializeEx
                                                                • API String ID: 381111819-1925297153
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$EnsureRelease
                                                                • String ID: ReleaseConnection$iii
                                                                • API String ID: 715727267-1631745756
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: AddressHandleModuleProc
                                                                • String ID: CoInitializeEx$ole32.dll
                                                                • API String ID: 1646373207-4163290989
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                • String ID:
                                                                • API String ID: 2718003287-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Tuple_$DeallocDict_Item
                                                                • String ID:
                                                                • API String ID: 4030228039-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorEval_InfoThread$CreateRestoreSave
                                                                • String ID:
                                                                • API String ID: 4101529084-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_Object_String$Bstr@@DeallocFormatFreeU_object@@
                                                                • String ID:
                                                                • API String ID: 2276157465-0
                                                                • Opcode ID: 8b03eeb2545027445cd368e2150a9abf13596b59d6f4cc30188395740f06a9ef
                                                                • Instruction ID: 1f2bffe42a81f9acbbcf42ba72328f3a3fe1b52c84d1df2e90e5f422a8fcf6d0
                                                                • Opcode Fuzzy Hash: 8b03eeb2545027445cd368e2150a9abf13596b59d6f4cc30188395740f06a9ef
                                                                • Instruction Fuzzy Hash: 8E21D837F09B8681FB249F15E960A6963A0AB58B94F444532CEBE07B9CDF2CE055C700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Long$DeallocFormatLong_Number_OccurredString
                                                                • String ID:
                                                                • API String ID: 4161373848-0
                                                                • Opcode ID: 4b08904da712e7a8f3c17438fdbc9e036fd045c5376425a9b104ead78c49b629
                                                                • Instruction ID: c3293945ace0338e1d1527780fdd2483e45fc1958acfe0c968a31676b963e06e
                                                                • Opcode Fuzzy Hash: 4b08904da712e7a8f3c17438fdbc9e036fd045c5376425a9b104ead78c49b629
                                                                • Instruction Fuzzy Hash: 3311DA37F09A8681FB659B16A920AB963A0AB49B94F484632C97E037DDDF2CF0459700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Err_$Long$DeallocFormatLong_Number_OccurredString
                                                                • String ID:
                                                                • API String ID: 4161373848-0
                                                                • Opcode ID: 4f3e0ec92de11997c148a088fe3b0d6cab3d9e559bf33cf7146e5ded7b7afbc2
                                                                • Instruction ID: 6d8980536787d5f5a04f04106fe821b367038f89dceed6f3be1200097a54e7cf
                                                                • Opcode Fuzzy Hash: 4f3e0ec92de11997c148a088fe3b0d6cab3d9e559bf33cf7146e5ded7b7afbc2
                                                                • Instruction Fuzzy Hash: 6811E837F09A8681FB659F16E960AB963A0AB48B94F084631CE7E437DDDF2CF0459700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1731477104.00007FFDFB201000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FFDFB200000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdfb200000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 203fc1dba7cc33d476055cf7582a3997dd67ce7cbda3f23b695a44c26f55815b
                                                                • Instruction ID: 32950e36ff0d2af25d82c6ad6c2f060884798860bb025364e741cb226a1b7540
                                                                • Opcode Fuzzy Hash: 203fc1dba7cc33d476055cf7582a3997dd67ce7cbda3f23b695a44c26f55815b
                                                                • Instruction Fuzzy Hash: B3117322B15F028AEB00CF60E8656B833A4F719758F441D31DA2D46BA8EF3CD154C380
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 8a4a7c5325b633a925f5c4d5ed43519da64e7124304d0c27a96c3dbccc833fe3
                                                                • Instruction ID: 40c814b47deadcb83c958e4b4cdfc606d0c47330074912fd97b5a5cc686a65d3
                                                                • Opcode Fuzzy Hash: 8a4a7c5325b633a925f5c4d5ed43519da64e7124304d0c27a96c3dbccc833fe3
                                                                • Instruction Fuzzy Hash: F8114826B14B019AEB00DF65EC852A973A4FF18B58F840E36DA6D827A4DF78E1548390
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Global$Size$Bytes_FromLockStringUnlock
                                                                • String ID:
                                                                • API String ID: 911184104-0
                                                                • Opcode ID: 839abb858024755d30e34b1f86beb1ce23b0261844b96d7761f511234b44e24a
                                                                • Instruction ID: d9c4677585899aaba5f2da501afd64e26383385481aa693aeb0ccd8124b94331
                                                                • Opcode Fuzzy Hash: 839abb858024755d30e34b1f86beb1ce23b0261844b96d7761f511234b44e24a
                                                                • Instruction Fuzzy Hash: 9AF0B72AF19A4282DB449B16E8649696370FB89FD4B481231DF3E477D9DF2CF4A58300
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Window$Process$ConsoleCurrentShowThread
                                                                • String ID:
                                                                • API String ID: 242035731-0
                                                                • Opcode ID: 3208cc31caa42c1873c1a6d21fea691fbaaade434fa387f7c55649933cf3fd9f
                                                                • Instruction ID: 57dc7cd9f4bd3df40cf22e8911f740d1c47a08d86ea715225c1c059e4dcc073f
                                                                • Opcode Fuzzy Hash: 3208cc31caa42c1873c1a6d21fea691fbaaade434fa387f7c55649933cf3fd9f
                                                                • Instruction Fuzzy Hash: 6EF01C21A19A4292EB556F27ADC403AA2A1AF88BC0B882032DA4A47254DF3CF4458620
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Window$Process$ConsoleCurrentShowThread
                                                                • String ID:
                                                                • API String ID: 242035731-0
                                                                • Opcode ID: 57d29c8d12d7fdef30ff7322895d09215f545c1cd19415f77748bb3fa77fc87e
                                                                • Instruction ID: 9771e8d346af7f0e84b233df57e4c964c0e000c3c02547153b1c6d3c1e59d5f7
                                                                • Opcode Fuzzy Hash: 57d29c8d12d7fdef30ff7322895d09215f545c1cd19415f77748bb3fa77fc87e
                                                                • Instruction Fuzzy Hash: AAF01C21A2964292EB646F22EDC453EA361AF84B84F881532D94A57654DF3CF445C720
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                • String ID: ?
                                                                • API String ID: 1286766494-1684325040
                                                                • Opcode ID: cf697bdb51094207d6ee9eae1cd5fbc0d85a6320413321d07d0a3768db1f0123
                                                                • Instruction ID: bcc0dbc65a767f6395214734b1452d0fa2d4f3aa5aa1ae6c117a83adc8a071d1
                                                                • Opcode Fuzzy Hash: cf697bdb51094207d6ee9eae1cd5fbc0d85a6320413321d07d0a3768db1f0123
                                                                • Instruction Fuzzy Hash: A441F722B1828272FB64AF27DA8137BD660EF817A4F944236EF5D06AD5DF7CD4418710
                                                                APIs
                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF704C1909A
                                                                  • Part of subcall function 00007FF704C1A574: HeapFree.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A58A
                                                                  • Part of subcall function 00007FF704C1A574: GetLastError.KERNEL32(?,?,?,00007FF704C230B2,?,?,?,00007FF704C230EF,?,?,00000000,00007FF704C235B5,?,?,?,00007FF704C234E7), ref: 00007FF704C1A594
                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF704C0B2B5), ref: 00007FF704C190B8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                • String ID: C:\Users\user\Desktop\rQTI6IKszT.exe
                                                                • API String ID: 3580290477-1571259150
                                                                • Opcode ID: c4ef40391585e63bfee76c0dec08306d42474283c32ed7c9db37b7dfee7db718
                                                                • Instruction ID: ad9b5fec0b5ca9264a5c5a79d2738aa18d34b1d6ac785481ea1f04601df1cbdc
                                                                • Opcode Fuzzy Hash: c4ef40391585e63bfee76c0dec08306d42474283c32ed7c9db37b7dfee7db718
                                                                • Instruction Fuzzy Hash: 66418275A09B42A6EB14FF229D900BAA6B5AF46794FD44037EE0E03765DF3DE481C320
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                • String ID: .$:
                                                                • API String ID: 2020911589-4202072812
                                                                • Opcode ID: f18622fc874dc0096da447da923746415c13c3d6c21b8197b813cfbbf25dd785
                                                                • Instruction ID: 6fbced1a99bc2935f686c93d0088cfbeaede76decce28d6c93f18c28a2640f08
                                                                • Opcode Fuzzy Hash: f18622fc874dc0096da447da923746415c13c3d6c21b8197b813cfbbf25dd785
                                                                • Instruction Fuzzy Hash: D1412A22E05A22A8FB11BFB2DD911BEA6B46F15748F940037DF4E67B95EF7894418320
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: U
                                                                • API String ID: 442123175-4171548499
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectory
                                                                • String ID: :
                                                                • API String ID: 1611563598-336475711
                                                                APIs
                                                                Strings
                                                                • PyVARDESC ctor has unknown varkind (%d) - returning None, xrefs: 00007FFDFF1E1E44
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$BuildFromLongLong_ReferenceSizeValue_
                                                                • String ID: PyVARDESC ctor has unknown varkind (%d) - returning None
                                                                • API String ID: 2591102632-2090549355
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1729423436.00007FF704C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF704C00000, based on PE: true
                                                                • Associated: 00000002.00000002.1729398635.00007FF704C00000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729459374.00007FF704C2C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C3F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729490080.00007FF704C44000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000002.00000002.1729541388.00007FF704C47000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ff704c00000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                • String ID: :
                                                                • API String ID: 2595371189-336475711
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$EnsureRelease
                                                                • String ID: Skip
                                                                • API String ID: 715727267-1480915523
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$EnsureRelease
                                                                • String ID: Skip
                                                                • API String ID: 715727267-1480915523
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$EnsureRelease
                                                                • String ID: Reset
                                                                • API String ID: 715727267-2438762569
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$EnsureRelease
                                                                • String ID: DragLeave
                                                                • API String ID: 715727267-794947634
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000002.00000002.1732503637.00007FFDFF191000.00000020.00000001.01000000.00000015.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                • Associated: 00000002.00000002.1732474720.00007FFDFF190000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732553498.00007FFDFF1EC000.00000002.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732594650.00007FFDFF21F000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732622985.00007FFDFF22A000.00000008.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732650752.00007FFDFF22B000.00000004.00000001.01000000.00000015.sdmp
                                                                • Associated: 00000002.00000002.1732679742.00007FFDFF234000.00000002.00000001.01000000.00000015.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_2_2_7ffdff190000_rQTI6IKszT.jbxd
                                                                Similarity
                                                                • API ID: State_$EnsureRelease
                                                                • String ID: Reset
                                                                • API String ID: 715727267-2438762569