Windows Analysis Report
LKEAHetlG6.exe

Overview

General Information

Sample name: LKEAHetlG6.exe (renamed because original name is a hash value)
Original sample name: c4f3815a85c4c42379e5a5fadeddfd6a5c412ab48b628ad6d07d85eb5827a009.exe
Analysis ID: 1487187
MD5: 56407455f0d9001e20b5bb55aacedb69
SHA1: 831304ec839bdc1fa40c71c48eb2ef3872ba28a7
SHA256: c4f3815a85c4c42379e5a5fadeddfd6a5c412ab48b628ad6d07d85eb5827a009
Tags: exef005-backblazeb2-com

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • LKEAHetlG6.exe (PID: 6340 cmdline: "C:\Users\user\Desktop\LKEAHetlG6.exe" MD5: 56407455F0D9001E20B5BB55AACEDB69)
    • conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • LKEAHetlG6.exe (PID: 7152 cmdline: "C:\Users\user\Desktop\LKEAHetlG6.exe" MD5: 56407455F0D9001E20B5BB55AACEDB69)
      • cmd.exe (PID: 760 cmdline: C:\Windows\system32\cmd.exe /c "kdmapper.exe drv.sys" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: LKEAHetlG6.exe, Virustotal: Detection: 12%
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8004980 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_snprintf,3_2_00007FF8B8004980
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8006990 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_fetch,EVP_CIPHER_get_flags,3_2_00007FF8B8006990
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1A32 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,3_2_00007FF8B7FF1A32
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF117C _time64,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,3_2_00007FF8B7FF117C
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF20E0 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B7FF20E0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8038A90 CRYPTO_malloc,ERR_new,ERR_set_debug,3_2_00007FF8B8038A90
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF110E EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,3_2_00007FF8B7FF110E
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF4B10 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B7FF4B10
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF213F EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,3_2_00007FF8B7FF213F
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B801EB40 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,ERR_new,ERR_set_debug,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,memcpy,3_2_00007FF8B801EB40
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF2464 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B7FF2464
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1F87 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,3_2_00007FF8B7FF1F87
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF4BD0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B7FF4BD0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8032C10 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,3_2_00007FF8B8032C10
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B800EC00 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,3_2_00007FF8B800EC00
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8024C28 EVP_MAC_CTX_free,CRYPTO_free,3_2_00007FF8B8024C28
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8046C40 CRYPTO_realloc,3_2_00007FF8B8046C40
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF11A9 EVP_MAC_CTX_free,CRYPTO_free,3_2_00007FF8B7FF11A9
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B805ACD0 CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8B805ACD0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF2112 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,3_2_00007FF8B7FF2112
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8018D10 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,3_2_00007FF8B8018D10
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B801CD30 CRYPTO_THREAD_write_lock,OPENSSL_sk_new_null,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,3_2_00007FF8B801CD30
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF21E4 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,3_2_00007FF8B7FF21E4
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8050D30 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,3_2_00007FF8B8050D30
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1A23 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,3_2_00007FF8B7FF1A23
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8028D90 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B8028D90
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FFCDC0 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,3_2_00007FF8B7FFCDC0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF195B CRYPTO_zalloc,EVP_MAC_free,EVP_MAC_CTX_free,CRYPTO_free,3_2_00007FF8B7FF195B
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1E65 ERR_new,ERR_set_debug,CRYPTO_clear_free,3_2_00007FF8B7FF1E65
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8040E50 CRYPTO_memcmp,3_2_00007FF8B8040E50
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF105F ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,3_2_00007FF8B7FF105F
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8046E70 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8B8046E70
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1677 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,3_2_00007FF8B7FF1677
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF2374 CRYPTO_free,3_2_00007FF8B7FF2374
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8052F60 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,3_2_00007FF8B8052F60
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF4FA0 CRYPTO_free,3_2_00007FF8B7FF4FA0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,3_2_00007FF8B7FF1393
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1B90 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,3_2_00007FF8B7FF1B90
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FFF060 CRYPTO_free,CRYPTO_memdup,3_2_00007FF8B7FFF060
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF2121 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B7FF2121
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1262 X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,3_2_00007FF8B7FF1262
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B805B0D0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8B805B0D0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B801D0C0 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,3_2_00007FF8B801D0C0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80410C0 CRYPTO_free,CRYPTO_memdup,3_2_00007FF8B80410C0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1140 CRYPTO_free,3_2_00007FF8B7FF1140
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8054110 ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,3_2_00007FF8B8054110
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80121C0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,3_2_00007FF8B80121C0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80021F0 CRYPTO_THREAD_run_once,3_2_00007FF8B80021F0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B803E200 CRYPTO_free,3_2_00007FF8B803E200
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8034230 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,3_2_00007FF8B8034230
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8032230 ERR_new,ERR_set_debug,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,3_2_00007FF8B8032230
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1389 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B7FF1389
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B800E227 CRYPTO_THREAD_write_lock,3_2_00007FF8B800E227
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF198D CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,3_2_00007FF8B7FF198D
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1401 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,3_2_00007FF8B7FF1401
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B803E260 CRYPTO_free,3_2_00007FF8B803E260
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1B54 memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,3_2_00007FF8B7FF1B54
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF2180 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,3_2_00007FF8B7FF2180
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B806A2C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,3_2_00007FF8B806A2C0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80622F0 CRYPTO_free,CRYPTO_memdup,3_2_00007FF8B80622F0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF4300 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B7FF4300
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF23D8 EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,3_2_00007FF8B7FF23D8
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8048350 CRYPTO_free,CRYPTO_strndup,3_2_00007FF8B8048350
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8010380 X509_VERIFY_PARAM_free,CRYPTO_free_ex_data,BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free,3_2_00007FF8B8010380
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80043A0 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,3_2_00007FF8B80043A0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF25EF CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,3_2_00007FF8B7FF25EF
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF139D memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,3_2_00007FF8B7FF139D
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF18B6 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B7FF18B6
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1A0F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,CRYPTO_memcmp,ERR_set_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_pop_to_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,strncmp,strncmp,strncmp,strncmp,strncmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,3_2_00007FF8B7FF1A0F
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF84B0 CRYPTO_zalloc,CRYPTO_free,3_2_00007FF8B7FF84B0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1F23 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,3_2_00007FF8B7FF1F23
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8062510 CRYPTO_free,CRYPTO_strndup,3_2_00007FF8B8062510
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1492 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,3_2_00007FF8B7FF1492
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B803E540 CRYPTO_free,3_2_00007FF8B803E540
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8054540 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B8054540
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1488 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B7FF1488
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B803E5A0 CRYPTO_free,3_2_00007FF8B803E5A0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80325D0 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,3_2_00007FF8B80325D0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B801E5E0 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,3_2_00007FF8B801E5E0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF120D EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,3_2_00007FF8B7FF120D
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B800A600 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,3_2_00007FF8B800A600
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF114F CRYPTO_free,ERR_new,ERR_set_debug,3_2_00007FF8B7FF114F
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1212 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,3_2_00007FF8B7FF1212
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8038620 CRYPTO_free,3_2_00007FF8B8038620
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF241E CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B7FF241E
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80386D0 OPENSSL_cleanse,CRYPTO_free,3_2_00007FF8B80386D0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF26AD ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,3_2_00007FF8B7FF26AD
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF14CE CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,3_2_00007FF8B7FF14CE
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80566E0 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,3_2_00007FF8B80566E0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80626E0 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,3_2_00007FF8B80626E0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1CA3 CRYPTO_strdup,CRYPTO_free,3_2_00007FF8B7FF1CA3
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8050700 ERR_new,ERR_set_debug,CRYPTO_clear_free,3_2_00007FF8B8050700
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF17E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,3_2_00007FF8B7FF17E9
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF22D4 CRYPTO_malloc,CONF_parse_list,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,3_2_00007FF8B7FF22D4
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1771 CRYPTO_free,3_2_00007FF8B7FF1771
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B806A770 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B806A770
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8004790 CRYPTO_get_ex_new_index,3_2_00007FF8B8004790
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF17DF ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,3_2_00007FF8B7FF17DF
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B80047F0 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,3_2_00007FF8B80047F0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8064809 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B8064809
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF136B ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B7FF136B
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF2577 ERR_new,ERR_set_debug,CRYPTO_free,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_cleanse,3_2_00007FF8B7FF2577
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1181 CRYPTO_free,CRYPTO_free,CRYPTO_free,3_2_00007FF8B7FF1181
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF13DE EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B7FF13DE
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF1A41 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,3_2_00007FF8B7FF1A41
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8F75078 i2d_X509,PyBytes_FromStringAndSize,CRYPTO_free,3_2_00007FF8B8F75078
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B8F75330 ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,_Py_BuildValue_SizeT,ASN1_STRING_to_UTF8,_Py_Dealloc,_Py_BuildValue_SizeT,CRYPTO_free,3_2_00007FF8B8F75330
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B93C6344 CRYPTO_memcmp,3_2_00007FF8B93C6344
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B93C18C0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,3_2_00007FF8B93C18C0
Source: LKEAHetlG6.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045072897.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041736660.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: LKEAHetlG6.exe, 00000003.00000002.2169448185.00007FF8B7EB1000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041511839.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043710864.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044431296.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042464218.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044555266.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042075380.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044308941.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044431296.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042679757.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041341135.0000023096507000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045398452.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042608566.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043808210.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042864876.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041664235.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044308941.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045398452.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: LKEAHetlG6.exe, 00000003.00000002.2167979262.00007FF8A8C81000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041969216.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043710864.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043617031.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042608566.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: LKEAHetlG6.exe, 00000000.00000003.2040248647.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174379177.00007FF8BA253000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042397262.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043406151.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045299063.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042795141.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041511839.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042326258.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042397262.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174471307.00007FF8BA4F3000.00000002.00000001.01000000.00000008.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042538640.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043312420.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041341135.0000023096507000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044931382.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045496409.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043511516.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042219020.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043312420.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: LKEAHetlG6.exe, 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp, libssl-3.dll.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044555266.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045299063.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: LKEAHetlG6.exe, 00000003.00000002.2173899433.00007FF8B8F7D000.00000002.00000001.01000000.00000009.sdmp, _ssl.pyd.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044679454.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042464218.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045195491.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: LKEAHetlG6.exe, 00000003.00000002.2167459306.00007FF8A8739000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2040248647.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174379177.00007FF8BA253000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043906573.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042075380.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043511516.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044801944.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041969216.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041587257.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042679757.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041664235.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043617031.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044205408.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044931382.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043906573.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041439872.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2172776458.00007FF8B8CBE000.00000002.00000001.01000000.00000011.sdmp, _bz2.pyd.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041587257.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
Source: Binary string: ucrtbase.pdbUGP source: LKEAHetlG6.exe, 00000003.00000002.2169448185.00007FF8B7EB1000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174284082.00007FF8B9F69000.00000002.00000001.01000000.00000007.sdmp, _socket.pyd.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045195491.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044205408.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2168994227.00007FF8A938F000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: LKEAHetlG6.exe, 00000003.00000002.2167459306.00007FF8A87D1000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: LKEAHetlG6.exe, 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp, libssl-3.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042864876.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041736660.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041439872.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044093263.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044801944.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: LKEAHetlG6.exe, 00000003.00000002.2167459306.00007FF8A87D1000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042219020.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044679454.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045496409.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043808210.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043406151.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041808714.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042326258.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174196234.00007FF8B9843000.00000002.00000001.01000000.0000000D.sdmp, _queue.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042538640.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045072897.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042795141.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044093263.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 0_2_00007FF7E5D67990 FindFirstFileExW,FindClose,0_2_00007FF7E5D67990
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 0_2_00007FF7E5D66C30 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7E5D66C30
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 0_2_00007FF7E5D81C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7E5D81C04
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF7E5D67990 FindFirstFileExW,FindClose,3_2_00007FF7E5D67990
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF7E5D66C30 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF7E5D66C30
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF7E5D81C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF7E5D81C04
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B7E6EFEC FindFirstFileExW,FindClose,FindNextFileW,3_2_00007FF8B7E6EFEC
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B7E42DFC FindFirstFileExW,3_2_00007FF8B7E42DFC
Source: Joe Sandbox View IP Address: 149.137.136.16 149.137.136.16
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: f005.backblazeb2.com
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096511000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000002.2174859124.0000023096511000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041341135.000002309650D000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2050082495.0000023096504000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041341135.000002309650D000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041439872.000002309650E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2050082495.0000023096504000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2050082495.0000023096504000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: _lzma.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041341135.000002309650D000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041439872.000002309650E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2050082495.0000023096504000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: LKEAHetlG6.exe, 00000003.00000003.2152436559.0000021EF3F02000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157170637.0000021EF3F08000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069039955.0000021EF3EFD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165368085.0000021EF3F10000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070084203.0000021EF3F3C000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070891070.0000021EF3F3E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152029123.0000021EF3EF0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069039955.0000021EF3F3C000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154926282.0000021EF3F03000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153045508.0000021EF3F03000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2071379859.0000021EF3E71000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165839985.0000021EF427C000.00000004.00001000.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070374501.0000021EF3EA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: LKEAHetlG6.exe, 00000003.00000003.2152061445.0000021EF35C6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154817772.0000021EF35D2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156622175.0000021EF35D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: LKEAHetlG6.exe, 00000003.00000003.2067978758.0000021EF3ED2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069500003.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153503679.0000021EF3ED6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153283109.0000021EF3EAD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153995890.0000021EF3EEE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152168709.0000021EF3EA5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2071379859.0000021EF3E71000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070374501.0000021EF3EA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: LKEAHetlG6.exe, 00000003.00000003.2153309139.0000021EF359B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2089470414.0000021EF39A5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152266869.0000021EF3535000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2163322872.0000021EF39E7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154668634.0000021EF39D1000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2160404641.0000021EF39E3000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2151634462.0000021EF39A7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152949314.0000021EF39C1000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161678266.0000021EF39E6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154612082.0000021EF39CF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153521804.0000021EF39CE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069235984.0000021EF39BA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155705158.0000021EF39D4000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068235580.0000021EF39BA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: LKEAHetlG6.exe, 00000003.00000003.2154441116.0000021EF3EAE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157589293.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153283109.0000021EF3EAD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165252524.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152168709.0000021EF3EA5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155878335.0000021EF3EAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: LKEAHetlG6.exe, 00000003.00000003.2155067013.0000021EF40DF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155560449.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165602889.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155088852.0000021EF4103000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: LKEAHetlG6.exe, 00000003.00000003.2154441116.0000021EF3EAE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157589293.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153283109.0000021EF3EAD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165252524.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152168709.0000021EF3EA5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155878335.0000021EF3EAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.esy
Source: LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.di
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041341135.000002309650D000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041439872.000002309650E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2050082495.0000023096504000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096511000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000002.2174859124.0000023096511000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2050082495.0000023096504000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0A
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096511000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000002.2174859124.0000023096511000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041341135.000002309650D000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2050082495.0000023096504000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2047623118.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000000.00000003.2050082495.0000023096504000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, _hashlib.pyd.0.dr, libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, libssl-3.dll.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: LKEAHetlG6.exe, 00000003.00000003.2161365714.0000021EF40B6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156995241.0000021EF40A9000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154646537.0000021EF38E8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157627855.0000021EF3907000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165541332.0000021EF40C1000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161345104.0000021EF40AC000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152384924.0000021EF38E7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157294454.0000021EF38FF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152311361.0000021EF38D8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161467423.0000021EF40BC000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157217178.0000021EF38EF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161384766.0000021EF40BB000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/z
Source: LKEAHetlG6.exe, 00000003.00000002.2163729882.0000021EF3D70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: LKEAHetlG6.exe, 00000003.00000003.2155067013.0000021EF40DF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154441116.0000021EF3EAE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155560449.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165602889.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157589293.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153283109.0000021EF3EAD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165252524.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152168709.0000021EF3EA5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155878335.0000021EF3EAF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155088852.0000021EF4103000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: LKEAHetlG6.exe, 00000003.00000003.2155067013.0000021EF40DF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155425564.0000021EF40E3000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: LKEAHetlG6.exe, 00000003.00000003.2155067013.0000021EF40DF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155199818.0000021EF40EC000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: LKEAHetlG6.exe, 00000003.00000003.2155067013.0000021EF40DF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155560449.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165602889.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155088852.0000021EF4103000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: LKEAHetlG6.exe, 00000003.00000003.2155945272.0000021EF4135000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154248967.0000021EF4108000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155150281.0000021EF411E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155288495.0000021EF4131000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: LKEAHetlG6.exe, 00000003.00000003.2157235980.0000021EF3871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: LKEAHetlG6.exe, 00000003.00000003.2155945272.0000021EF4135000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154248967.0000021EF4108000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155150281.0000021EF411E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155288495.0000021EF4131000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/4%e
Source: LKEAHetlG6.exe, 00000003.00000003.2152436559.0000021EF3F02000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2089470414.0000021EF39A5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157170637.0000021EF3F08000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156456390.0000021EF39BB000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069039955.0000021EF3EFD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2067978758.0000021EF3EFD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068671868.0000021EF3F15000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158125827.0000021EF3F18000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153417535.0000021EF3F17000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157755598.0000021EF3F18000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2151634462.0000021EF39A7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152029123.0000021EF3EF0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154926282.0000021EF3F03000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156569932.0000021EF3F18000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069235984.0000021EF39BA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152550892.0000021EF3F15000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068756810.0000021EF3F17000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153045508.0000021EF3F03000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2071379859.0000021EF3E71000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 
00000003.00000003.2068564281.0000021EF3F11000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070374501.0000021EF3EA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
Source: LKEAHetlG6.exe, 00000000.00000003.2042608566.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2045072897.0000023096502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2045195491.0000023096502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2052414447.0000023096504000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042075380.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041808714.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2044801944.0000023096502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041587257.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041664235.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042864876.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2045299063.0000023096502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2044555266.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041225740.0000023096500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2044431296.0000023096502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2044093263.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041969216.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042679757.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2048866114.0000023096504000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042538640.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042795141.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2040248647.0000023096500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2043511516.0000023096502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2043617031.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042219020.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2043906573.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2044679454.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041736660.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041341135.0000023096507000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2045398452.0000023096502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2045496409.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2043808210.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2043710864.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2044205408.0000023096502000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2044308941.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042326258.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041439872.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2043406151.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2044931382.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042464218.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2043312420.0000023096509000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2042397262.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000000.00000003.2041511839.0000023096501000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe Binary or memory string: OriginalFilename vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilenamelibsslH vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2174319279.00007FF8B9F73000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2174509645.00007FF8BA4F6000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2174417821.00007FF8BA259000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2173451323.00007FF8B8CC3000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2168895294.00007FF8A8F20000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython312.dll. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2169276377.00007FF8A9394000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2173978125.00007FF8B8F99000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2169506454.00007FF8B7EEC000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2167716527.00007FF8A887A000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs LKEAHetlG6.exe
Source: LKEAHetlG6.exe, 00000003.00000002.2174231009.00007FF8B9846000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs LKEAHetlG6.exe
Source: classification engine Classification label: mal52.winEXE@6/56@1/1
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 0_2_00007FF7E5D61ED0 GetLastError,FormatMessageW,0_2_00007FF7E5D61ED0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6984:120:WilError_03
Source: C:\Users\user\Desktop\LKEAHetlG6.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63402
Source: LKEAHetlG6.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: LKEAHetlG6.exe Virustotal: Detection: 12%
Source: C:\Users\user\Desktop\LKEAHetlG6.exe File read: C:\Users\user\Desktop\LKEAHetlG6.exe
Source: unknown Process created: C:\Users\user\Desktop\LKEAHetlG6.exe "C:\Users\user\Desktop\LKEAHetlG6.exe"
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Process created: C:\Users\user\Desktop\LKEAHetlG6.exe "C:\Users\user\Desktop\LKEAHetlG6.exe"
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "kdmapper.exe drv.sys"
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: python3.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Section loaded: kernel.appcore.dll
Source: LKEAHetlG6.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: LKEAHetlG6.exe Static file information: File size 9300301 > 1048576
Source: LKEAHetlG6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: LKEAHetlG6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: LKEAHetlG6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: LKEAHetlG6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LKEAHetlG6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: LKEAHetlG6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: LKEAHetlG6.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: LKEAHetlG6.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045072897.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041736660.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: ucrtbase.pdb source: LKEAHetlG6.exe, 00000003.00000002.2169448185.00007FF8B7EB1000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041511839.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043710864.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044431296.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042464218.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044555266.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042075380.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044308941.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044431296.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042679757.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041341135.0000023096507000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045398452.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042608566.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043808210.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042864876.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041664235.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044308941.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045398452.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: LKEAHetlG6.exe, 00000003.00000002.2167979262.00007FF8A8C81000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041969216.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043710864.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043617031.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042608566.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: LKEAHetlG6.exe, 00000000.00000003.2040248647.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174379177.00007FF8BA253000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042397262.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043406151.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045299063.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042795141.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041511839.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042326258.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042397262.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: LKEAHetlG6.exe, 00000000.00000003.2052221560.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174471307.00007FF8BA4F3000.00000002.00000001.01000000.00000008.sdmp, select.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042538640.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043312420.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041341135.0000023096507000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044931382.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045496409.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043511516.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042219020.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043312420.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: LKEAHetlG6.exe, 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp, libssl-3.dll.0.dr
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044555266.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045299063.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: LKEAHetlG6.exe, 00000003.00000002.2173899433.00007FF8B8F7D000.00000002.00000001.01000000.00000009.sdmp, _ssl.pyd.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044679454.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042464218.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045195491.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: LKEAHetlG6.exe, 00000003.00000002.2167459306.00007FF8A8739000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2040248647.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174379177.00007FF8BA253000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043906573.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042075380.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043511516.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044801944.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041969216.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041587257.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042679757.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: LKEAHetlG6.exe, 00000000.00000003.2040753019.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041664235.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043617031.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044205408.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044931382.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2043906573.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041439872.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: LKEAHetlG6.exe, 00000000.00000003.2040437249.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2172776458.00007FF8B8CBE000.00000002.00000001.01000000.00000011.sdmp, _bz2.pyd.0.dr
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041587257.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.0.dr
Source: Binary string: ucrtbase.pdbUGP source: LKEAHetlG6.exe, 00000003.00000002.2169448185.00007FF8B7EB1000.00000002.00000001.01000000.00000004.sdmp, ucrtbase.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041116513.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174284082.00007FF8B9F69000.00000002.00000001.01000000.00000007.sdmp, _socket.pyd.0.dr
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045195491.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044205408.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: LKEAHetlG6.exe, 00000000.00000003.2053386902.0000023096504000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2168994227.00007FF8A938F000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: LKEAHetlG6.exe, 00000003.00000002.2167459306.00007FF8A87D1000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: LKEAHetlG6.exe, 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp, libssl-3.dll.0.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042864876.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2041736660.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041439872.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044093263.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2044801944.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: LKEAHetlG6.exe, 00000003.00000002.2167459306.00007FF8A87D1000.00000002.00000001.01000000.0000000A.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042219020.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044679454.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2045496409.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043808210.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2043406151.0000023096509000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041808714.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: LKEAHetlG6.exe, 00000000.00000003.2040859895.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp, _lzma.pyd.0.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: LKEAHetlG6.exe, 00000000.00000003.2042326258.0000023096501000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: LKEAHetlG6.exe, 00000000.00000003.2041047592.0000023096500000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2174196234.00007FF8B9843000.00000002.00000001.01000000.0000000D.sdmp, _queue.pyd.0.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042538640.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2045072897.0000023096502000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2042795141.0000023096501000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: LKEAHetlG6.exe, 00000000.00000003.2044093263.0000023096509000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
Source: LKEAHetlG6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: LKEAHetlG6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: LKEAHetlG6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: LKEAHetlG6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: LKEAHetlG6.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: 0x86AADB47 [Mon Aug 5 19:36:39 2041 UTC]
Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
Source: python312.dll.0.dr Static PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B7E2983D push rdi; ret 3_2_00007FF8B7E29844
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B7E244F9 push rdi; ret 3_2_00007FF8B7E24502
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B7E29F52 push rdi; ret 3_2_00007FF8B7E29F56
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B7E24A15 push rdi; ret 3_2_00007FF8B7E24A1B
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8014021 push rcx; ret 3_2_00007FF8B8014022
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8CB9A93 push rbp; retn 0000h 3_2_00007FF8B8CB9A9D

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\LKEAHetlG6.exeProcess created: "C:\Users\user\Desktop\LKEAHetlG6.exe"
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\select.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D64300 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7E5D64300
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\select.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-17910
Source: C:\Users\user\Desktop\LKEAHetlG6.exe API coverage: 1.4 %
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D67990 FindFirstFileExW,FindClose,0_2_00007FF7E5D67990
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D66C30 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7E5D66C30
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D81C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7E5D81C04
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF7E5D67990 FindFirstFileExW,FindClose,3_2_00007FF7E5D67990
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF7E5D66C30 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,3_2_00007FF7E5D66C30
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF7E5D81C04 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF7E5D81C04
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7E6EFEC FindFirstFileExW,FindClose,FindNextFileW,3_2_00007FF8B7E6EFEC
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7E42DFC FindFirstFileExW,3_2_00007FF8B7E42DFC
Source: LKEAHetlG6.exe, 00000000.00000003.2046500637.0000023096502000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: LKEAHetlG6.exe, 00000003.00000003.2152266869.0000021EF3535000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156540490.0000021EF3541000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2160226830.0000021EF3567000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158448923.0000021EF3565000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153324572.0000021EF353B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D7A668 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7E5D7A668
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D83810 GetProcessHeap,0_2_00007FF7E5D83810
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D7A668 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7E5D7A668
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D6B84C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7E5D6B84C
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D6AFB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7E5D6AFB0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 0_2_00007FF7E5D6B9F0 SetUnhandledExceptionFilter,0_2_00007FF7E5D6B9F0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF7E5D7A668 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF7E5D7A668
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF7E5D6B84C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF7E5D6B84C
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF7E5D6AFB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF7E5D6AFB0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF7E5D6B9F0 SetUnhandledExceptionFilter,3_2_00007FF7E5D6B9F0
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8A9283028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8A9283028
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8A9282A70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8A9282A70
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7E422DC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8B7E422DC
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7E6CC28 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B7E6CC28
Source: C:\Users\user\Desktop\LKEAHetlG6.exeCode function: 3_2_00007FF8B7FF2126 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B7FF2126
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8B33E60 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B8B33E60
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8B338A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8B8B338A0
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8CB9FF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8B8CB9FF0
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8CBAA1C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B8CBAA1C
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8CE3D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8B8CE3D20
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8CE42E8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B8CE42E8
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8F726A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8B8F726A0
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B8F730CC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B8F730CC
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B9061A00 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B9061A00
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B9061430 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8B9061430
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B93C4060 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8B93C4060
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B93C4620 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B93C4620
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B9841AA0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF8B9841AA0
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 3_2_00007FF8B98414E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF8B98414E0
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Process created: C:\Users\user\Desktop\LKEAHetlG6.exe "C:\Users\user\Desktop\LKEAHetlG6.exe"
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "kdmapper.exe drv.sys"
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: 0_2_00007FF7E5D89900 cpuid 0_2_00007FF7E5D89900
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_00007FF8B7E6B62C
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_00007FF8B7E6B4B8
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: GetPrimaryLen,EnumSystemLocalesW,3_2_00007FF8B7E6B074
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,3_2_00007FF8B7E68FB8
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: GetPrimaryLen,EnumSystemLocalesW,3_2_00007FF8B7E6AFC4
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: EnumSystemLocalesW,3_2_00007FF8B7E6AF64
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Code function: GetProcAddress,GetLocaleInfoW,3_2_00007FF8B7E03AE0
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\certifi VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\ucrtbase.dll VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402 VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer\md.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer\md__mypyc.cp312-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exeQueries volume information: C:\Users\user\Desktop\LKEAHetlG6.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\LKEAHetlG6.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63402 VolumeInformation
Source: C:\Users\user\Desktop\LKEAHetlG6.exe; Code function: 0_2_00007FF7E5D6B730 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter
Source: C:\Users\user\Desktop\LKEAHetlG6.exe; Code function: 0_2_00007FF7E5D85F90 _get_daylight, _get_daylight, _get_daylight, _get_daylight, _get_daylight, GetTimeZoneInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 32 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Source | Detection | Scanner | Label | Link |
| LKEAHetlG6.exe | 8% | ReversingLabs | Win64.Malware.Generic | |
| LKEAHetlG6.exe | 13% | Virustotal | | Browse |
| Source | Detection | Scanner | Label | Link |
| C:\Users\user\AppData\Local\Temp\_MEI63402\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\api-ms-win-crt-utility-l1-1-0.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer\md.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\charset_normalizer\md__mypyc.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\libcrypto-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\libssl-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI63402\python312.dll | 0% | ReversingLabs | | |
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| f005.backblazeb2.com | 1% | Virustotal | | Browse |
| Source | Detection | Scanner | Label | Link |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| f005.backblazeb2.com | 149.137.136.16 | true | false | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
  • URL Reputation: safe
unknown
https://f005.backblazeb2.com/file/exefiles-storage/1/drv.syspyddLKEAHetlG6.exe, 00000003.00000002.2162261698.0000021EF3350000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.rfc-editor.org/rfc/rfc8259#section-8.1LKEAHetlG6.exe, 00000003.00000003.2068489279.0000021EF3880000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154646537.0000021EF38E8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152384924.0000021EF38E7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157294454.0000021EF38FF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152311361.0000021EF38D8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157217178.0000021EF38EF000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963LKEAHetlG6.exe, 00000003.00000003.2067978758.0000021EF3ED2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069500003.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2163655584.0000021EF3C70000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://requests.readthedocs.ioLKEAHetlG6.exe, 00000003.00000003.2152266869.0000021EF3535000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2162494798.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154296731.0000021EF3584000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2160226830.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165980728.0000021EF4410000.00000004.00001000.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158235787.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158994936.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155102834.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153324572.0000021EF353B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0205/LKEAHetlG6.exe, 00000003.00000002.2162751342.0000021EF3770000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.dhimyotis.com/certignarootca.crlLKEAHetlG6.exe, 00000003.00000003.2155930267.0000021EF411B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154248967.0000021EF4108000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157235980.0000021EF3871000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155425564.0000021EF410C000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://curl.haxx.se/rfc/cookie_spec.htmlLKEAHetlG6.exe, 00000003.00000003.2152436559.0000021EF3F02000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157170637.0000021EF3F08000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069039955.0000021EF3EFD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165368085.0000021EF3F10000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070084203.0000021EF3F3C000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070891070.0000021EF3F3E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152029123.0000021EF3EF0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069039955.0000021EF3F3C000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154926282.0000021EF3F03000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153045508.0000021EF3F03000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2071379859.0000021EF3E71000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165839985.0000021EF427C000.00000004.00001000.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070374501.0000021EF3EA6000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://ocsp.accv.esLKEAHetlG6.exe, 00000003.00000003.2154441116.0000021EF3EAE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157589293.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153283109.0000021EF3EAD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165252524.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152168709.0000021EF3EA5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155878335.0000021EF3EAF000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://repository.swisssign.com/LKEAHetlG6.exe, 00000003.00000003.2161365714.0000021EF40B6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156995241.0000021EF40A9000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154646537.0000021EF38E8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157627855.0000021EF3907000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165541332.0000021EF40C1000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161345104.0000021EF40AC000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152384924.0000021EF38E7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157294454.0000021EF38FF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152311361.0000021EF38D8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161467423.0000021EF40BC000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157217178.0000021EF38EF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161384766.0000021EF40BB000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.cert.fnmt.es/dpcs/wLKEAHetlG6.exe, 00000003.00000003.2157771510.0000021EF3E81000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156370154.0000021EF3E71000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://f005.backblazeb2.com/file/exefiles-storage/2/kdmapper.exeLKEAHetlG6.exe, 00000003.00000002.2165980728.0000021EF4410000.00000004.00001000.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2162261698.0000021EF33D0000.00000004.00001000.00020000.00000000.sdmpfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyLKEAHetlG6.exe, 00000003.00000002.2163729882.0000021EF3D70000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688LKEAHetlG6.exe, 00000003.00000002.2162261698.0000021EF3350000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://httpbin.org/getLKEAHetlG6.exe, 00000003.00000002.2165980728.0000021EF4370000.00000004.00001000.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.xrampsecurity.com/XGCA.crlLKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://f005.backblazeb2.com/file/exefiles-storage/2/kdmapper.exetionsPLKEAHetlG6.exe, 00000003.00000002.2162261698.0000021EF33D0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.python.orgLKEAHetlG6.exe, 00000003.00000003.2152266869.0000021EF3535000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2162494798.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154296731.0000021EF3584000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2160226830.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158235787.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158994936.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155102834.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153324572.0000021EF353B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://wwww.certigna.fr/autorites/4%eLKEAHetlG6.exe, 00000003.00000003.2155945272.0000021EF4135000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154248967.0000021EF4108000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155150281.0000021EF411E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155288495.0000021EF4131000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.accv.es/legislacion_c.htm0ULKEAHetlG6.exe, 00000003.00000003.2155067013.0000021EF40DF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155560449.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165602889.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155088852.0000021EF4103000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://f005.backblazeb2.com/file/exefiles-storage/2/kdmapper.exePLKEAHetlG6.exe, 00000003.00000002.2165980728.0000021EF4410000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://wwww.certigna.fr/autorites/0mLKEAHetlG6.exe, 00000003.00000003.2157235980.0000021EF3871000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://ocsp.accv.es0LKEAHetlG6.exe, 00000003.00000003.2155067013.0000021EF40DF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155560449.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2165602889.0000021EF4107000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155088852.0000021EF4103000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://ocsp.diLKEAHetlG6.exe, 00000000.00000003.2040579112.0000023096500000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.python.org/LKEAHetlG6.exe, 00000003.00000003.2069039955.0000021EF3E81000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2157235980.0000021EF3871000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068986087.0000021EF3F6A000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerLKEAHetlG6.exe, 00000003.00000003.2157927673.0000021EF1ACD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2062877388.0000021EF1A7E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152266869.0000021EF3535000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158623728.0000021EF3545000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158514491.0000021EF1ACF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2061950412.0000021EF355B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156540490.0000021EF3541000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158659929.0000021EF354F000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2063791387.0000021EF355B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2159150958.0000021EF1AD1000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2162199260.0000021EF1AD1000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152607937.0000021EF1AB2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152242908.0000021EF1AAF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2162471442.0000021EF355C000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158888967.0000021EF1AD0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152136896.0000021EF1AA3000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153324572.0000021EF353B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/issues/86361.LKEAHetlG6.exe, 00000003.00000003.2065201080.0000021EF399C000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068489279.0000021EF3880000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2066701059.0000021EF3880000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2066391193.0000021EF3880000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2065341640.0000021EF359E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152384924.0000021EF38E7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152311361.0000021EF38D8000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://json.orgLKEAHetlG6.exe, 00000003.00000003.2069235984.0000021EF3907000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070374501.0000021EF3EA6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2071262885.0000021EF3A11000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068235580.0000021EF3A11000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158094967.0000021EF3A19000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://httpbin.org/LKEAHetlG6.exe, 00000003.00000003.2156602962.0000021EF358C000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://wwww.certigna.fr/autorites/LKEAHetlG6.exe, 00000003.00000003.2155945272.0000021EF4135000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154248967.0000021EF4108000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF4102000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155150281.0000021EF411E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155288495.0000021EF4131000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/howto/mro.html.LKEAHetlG6.exe, 00000003.00000003.2061790031.0000021EF35BE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2063791387.0000021EF3550000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2162261698.0000021EF33D0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
  • Avira URL Cloud: safe
unknown
https://twitter.com/LKEAHetlG6.exe, 00000003.00000003.2152436559.0000021EF3F02000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152266869.0000021EF3535000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069039955.0000021EF3EFD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2067978758.0000021EF3EFD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068671868.0000021EF3F15000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152029123.0000021EF3EF0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154296731.0000021EF3584000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152550892.0000021EF3F15000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156569932.0000021EF3F16000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2071379859.0000021EF3E71000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068564281.0000021EF3F11000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155102834.0000021EF3587000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070374501.0000021EF3EA6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153324572.0000021EF353B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156602962.0000021EF358C000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.quovadisglobal.com/cpsLKEAHetlG6.exe, 00000003.00000003.2161365714.0000021EF40B6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156995241.0000021EF40A9000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161345104.0000021EF40AC000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161467423.0000021EF40BC000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161384766.0000021EF40BB000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535LKEAHetlG6.exe, 00000003.00000003.2153309139.0000021EF359B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2089470414.0000021EF39A5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152266869.0000021EF3535000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2163322872.0000021EF39E7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154668634.0000021EF39D1000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2160404641.0000021EF39E3000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2151634462.0000021EF39A7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152949314.0000021EF39C1000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2161678266.0000021EF39E6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154612082.0000021EF39CF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153521804.0000021EF39CE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069235984.0000021EF39BA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2155705158.0000021EF39D4000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068235580.0000021EF39BA000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syLKEAHetlG6.exe, 00000003.00000003.2157927673.0000021EF1ACD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2062877388.0000021EF1A7E000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152266869.0000021EF3535000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158623728.0000021EF3545000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158514491.0000021EF1ACF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2061950412.0000021EF355B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156540490.0000021EF3541000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158659929.0000021EF354F000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2063791387.0000021EF355B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152607937.0000021EF1AB2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152242908.0000021EF1AAF000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000002.2162471442.0000021EF355C000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2158888967.0000021EF1AD0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152136896.0000021EF1AA3000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153324572.0000021EF353B000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://repository.swisssign.com/zLKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://google.com/LKEAHetlG6.exe, 00000003.00000003.2070374501.0000021EF3EA6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153324572.0000021EF353B000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154891725.0000021EF39A7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2068235580.0000021EF39BA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2156602962.0000021EF358C000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://google.com/mail/LKEAHetlG6.exe, 00000003.00000003.2153324572.0000021EF353B000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.python.org/psf/license/LKEAHetlG6.exe, 00000003.00000002.2168429309.00007FF8A8DF8000.00000008.00000001.01000000.00000005.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://google.com/mail/LKEAHetlG6.exe, 00000003.00000003.2067978758.0000021EF3ED2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2069500003.0000021EF3EB0000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153503679.0000021EF3ED6000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153283109.0000021EF3EAD000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153995890.0000021EF3EEE000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2152168709.0000021EF3EA5000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2071379859.0000021EF3E71000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2070374501.0000021EF3EA6000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.securetrust.com/STCA.crlLKEAHetlG6.exe, 00000003.00000003.2154726166.0000021EF40A8000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2088940268.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154759537.0000021EF40C7000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2154993870.0000021EF40CA000.00000004.00000020.00020000.00000000.sdmp, LKEAHetlG6.exe, 00000003.00000003.2153598712.0000021EF40A2000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://wwwsearch.sf.net/):
  • Malicious: false; URL Reputation: safe; Reputation: unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
  • Malicious: false; URL Reputation: safe; Reputation: unknown
http://www.accv.es/legislacion_c.htm
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
http://tools.ietf.org/html/rfc6125#section-6.4.3
  • Malicious: false; URL Reputation: safe; Reputation: unknown
http://crl.xrampsecurity.com/XGCA.crl0
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://www.openssl.org/H
  • Malicious: false; URL Reputation: safe; Reputation: unknown
http://crl.certigna.fr/certignarootca.crl01
  • Malicious: false; URL Reputation: safe; Reputation: unknown
http://www.cert.fnmt.es/dpcs/
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://google.com/mail
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://f005.backblazeb2.com/file/exefiles-storage/1/drv.sys
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
http://www.accv.es00
  • Malicious: false; URL Reputation: safe; Reputation: unknown
https://www.python.org/psf/license/)
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://peps.python.org/pep-0263/
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://foss.heptapod.net/pypy/pypy/-/issues/3539
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
https://github.com/psf/requests/pull/6710
  • Malicious: false; Avira URL Cloud: safe; Reputation: unknown
IP | Domain | Country | ASN | ASN Name | Malicious
149.137.136.16 | f005.backblazeb2.com | United States | 30103 | ZOOM-VIDEO-COMM-ASUS | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1487187
Start date and time:2024-08-03 09:56:10 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 26s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:LKEAHetlG6.exe
renamed because original name is a hash value
Original Sample Name:c4f3815a85c4c42379e5a5fadeddfd6a5c412ab48b628ad6d07d85eb5827a009.exe
Detection:MAL
Classification:mal52.winEXE@6/56@1/1
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing disassembly code.
No simulations
No context
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):119192
                                                              Entropy (8bit):6.6016214745004635
                                                              Encrypted:false
                                                              SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                              MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                              SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                              SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                              SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):85272
                                                              Entropy (8bit):6.593462846910602
                                                              Encrypted:false
                                                              SSDEEP:1536:i2sz7yc51BVo1QX/FPI11IK1cDm015ssO687sjkD1ISCV087Syyxt+:dsz2c5eQXB4am05spd7MkD1ISCVzL
                                                              MD5:5BEBC32957922FE20E927D5C4637F100
                                                              SHA1:A94EA93EE3C3D154F4F90B5C2FE072CC273376B3
                                                              SHA-256:3ED0E5058D370FB14AA5469D81F96C5685559C054917C7280DD4125F21D25F62
                                                              SHA-512:AFBE80A73EE9BD63D9FFA4628273019400A75F75454667440F43BEB253091584BF9128CBB78AE7B659CE67A5FAEFDBA726EDB37987A4FE92F082D009D523D5D6
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):257304
                                                              Entropy (8bit):6.565489271518002
                                                              Encrypted:false
                                                              SSDEEP:6144:vnXBJvhy8AJOMg4hmRWw710z4ez9qWM53pLW1AW/ZJJJWtCk1mGc:ByJJOMiRW+10EHFpNc
                                                              MD5:492C0C36D8ED1B6CA2117869A09214DA
                                                              SHA1:B741CAE3E2C9954E726890292FA35034509EF0F6
                                                              SHA-256:B8221D1C9E2C892DD6227A6042D1E49200CD5CB82ADBD998E4A77F4EE0E9ABF1
                                                              SHA-512:B8F1C64AD94DB0252D96082E73A8632412D1D73FB8095541EE423DF6F00BC417A2B42C76F15D7E014E27BAAE0EF50311C3F768B1560DB005A522373F442E4BE0
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):66328
                                                              Entropy (8bit):6.2279606895285875
                                                              Encrypted:false
                                                              SSDEEP:1536:JgHpgE4Z27b4ZWZnEmIAtISOIx7SyZUxN:i14ZeEmIAtISOIx7+
                                                              MD5:DA02CEFD8151ECB83F697E3BD5280775
                                                              SHA1:1C5D0437EB7E87842FDE55241A5F0CA7F0FC25E7
                                                              SHA-256:FD77A5756A17EC0788989F73222B0E7334DD4494B8C8647B43FE554CF3CFB354
                                                              SHA-512:A13BC5C481730F48808905F872D92CB8729CC52CFB4D5345153CE361E7D6586603A58B964A1EBFD77DD6222B074E5DCCA176EAAEFECC39F75496B1F8387A2283
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Reputation:moderate, very likely benign file
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):160024
                                                              Entropy (8bit):6.854257867628366
                                                              Encrypted:false
                                                              SSDEEP:3072:Bsvkxuqgo7e2uONqG+hi+CSznfF9mNopXnmnu1ISZ1Vk:BnuFo7Jg1NYOp2uO
                                                              MD5:195DEFE58A7549117E06A57029079702
                                                              SHA1:3795B02803CA37F399D8883D30C0AA38AD77B5F2
                                                              SHA-256:7BF9FF61BABEBD90C499A8ED9B62141F947F90D87E0BBD41A12E99D20E06954A
                                                              SHA-512:C47A9B1066DD9744C51ED80215BD9645AAB6CC9D6A3F9DF99F618E3DD784F6C7CE6F53EABE222CF134EE649250834193D5973E6E88F8A93151886537C62E2E2B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):32536
                                                              Entropy (8bit):6.5090721419869135
                                                              Encrypted:false
                                                              SSDEEP:768:xOz+R6rbVKMoNpISQUA5YiSyv86lAMxkEzc:xjgbVJoNpISQUS7SyU6dxPc
                                                              MD5:B7E5FBD7EF3EEFFF8F502290C0E2B259
                                                              SHA1:9DECBA47B1CDB0D511B58C3146D81644E56E3611
                                                              SHA-256:DBDABB5FE0CCBC8B951A2C6EC033551836B072CAB756AAA56B6F22730080D173
                                                              SHA-512:B7568B9DF191347D1A8D305BD8DDD27CBFA064121C785FA2E6AFEF89EC330B60CAFC366BE2B22409D15C9434F5E46E36C5CBFB10783523FDCAC82C30360D36F7
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):83736
                                                              Entropy (8bit):6.32286800032437
                                                              Encrypted:false
                                                              SSDEEP:1536:ldcydNgIznrvGvLfo4o7zfqwXJ9/s+S+pzo08/n1IsJhv6cpISLwV97Sy7UxV:l6ydrr+DgxjqwXJ9/sT+pzoN1IwhScpf
                                                              MD5:DD8FF2A3946B8E77264E3F0011D27704
                                                              SHA1:A2D84CFC4D6410B80EEA4B25E8EFC08498F78990
                                                              SHA-256:B102522C23DAC2332511EB3502466CAF842D6BCD092FBC276B7B55E9CC01B085
                                                              SHA-512:958224A974A3449BCFB97FAAB70C0A5B594FA130ADC0C83B4E15BDD7AAB366B58D94A4A9016CB662329EA47558645ACD0E0CC6DF54F12A81AC13A6EC0C895CD8
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):178968
                                                              Entropy (8bit):5.9687584339585324
                                                              Encrypted:false
                                                              SSDEEP:3072:AHtmUArl7bOGLbfbmeq2wfq6XDQJsY2GvMe1ba+VRJNI7IM/H9o/PCrXuI51ISCQ:Ym5lfOGLbjBOq6XD4MejTGl
                                                              MD5:C87C5890039C3BDB55A8BC189256315F
                                                              SHA1:84EF3C2678314B7F31246471B3300DA65CB7E9DE
                                                              SHA-256:A5D361707F7A2A2D726B20770E8A6FC25D753BE30BCBCBBB683FFEE7959557C2
                                                              SHA-512:E750DC36AE00249ED6DA1C9D816F1BD7F8BC84DDEA326C0CD0410DBCFB1A945AAC8C130665BFACDCCD1EE2B7AC097C6FF241BFC6CC39017C9D1CDE205F460C44
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22112
                                                              Entropy (8bit):4.744270711412692
                                                              Encrypted:false
                                                              SSDEEP:192:zFOhcWqhWpvWEXCVWQ4iWwklRxwVIX01k9z3AROVaz4ILS:zFlWqhWpk6R9zeU0J2
                                                              MD5:E8B9D74BFD1F6D1CC1D99B24F44DA796
                                                              SHA1:A312CFC6A7ED7BF1B786E5B3FD842A7EEB683452
                                                              SHA-256:B1B3FD40AB437A43C8DB4994CCFFC7F88000CC8BB6E34A2BCBFF8E2464930C59
                                                              SHA-512:B74D9B12B69DB81A96FC5A001FD88C1E62EE8299BA435E242C5CB2CE446740ED3D8A623E1924C2BC07BFD9AEF7B2577C9EC8264E53E5BE625F4379119BAFCC27
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.602255667966723
                                                              Encrypted:false
                                                              SSDEEP:192:NWqhWEWEXCVWQ4cRWvBQrVXC4dlgX01k9z3AUj7W6SxtR:NWqhWPlZVXC4deR9zVj7QR
                                                              MD5:CFE0C1DFDE224EA5FED9BD5FF778A6E0
                                                              SHA1:5150E7EDD1293E29D2E4D6BB68067374B8A07CE6
                                                              SHA-256:0D0F80CBF476AF5B1C9FD3775E086ED0DFDB510CD0CC208EC1CCB04572396E3E
                                                              SHA-512:B0E02E1F19CFA7DE3693D4D63E404BDB9D15527AC85A6D492DB1128BB695BFFD11BEC33D32F317A7615CB9A820CD14F9F8B182469D65AF2430FFCDBAD4BD7000
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.606873381830854
                                                              Encrypted:false
                                                              SSDEEP:192:T0WqhWnWEXCVWQ4mW5ocADB6ZX01k9z3AkprGvV:T0WqhW8VcTR9zJpr4V
                                                              MD5:33BBECE432F8DA57F17BF2E396EBAA58
                                                              SHA1:890DF2DDDFDF3EECCC698312D32407F3E2EC7EB1
                                                              SHA-256:7CF0944901F7F7E0D0B9AD62753FC2FE380461B1CCE8CDC7E9C9867C980E3B0E
                                                              SHA-512:619B684E83546D97FC1D1BC7181AD09C083E880629726EE3AF138A9E4791A6DCF675A8DF65DC20EDBE6465B5F4EAC92A64265DF37E53A5F34F6BE93A5C2A7AE5
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.65169290018864
                                                              Encrypted:false
                                                              SSDEEP:192:qzmxD3T4qLWqhW2WJWadJCsVWQ4mW/xNVAv+cQ0GX01k9z3ARoanSwT44:qzQVWqhWTCsiNbZR9zQoUSwTJ
                                                              MD5:EB0978A9213E7F6FDD63B2967F02D999
                                                              SHA1:9833F4134F7AC4766991C918AECE900ACFBF969F
                                                              SHA-256:AB25A1FE836FC68BCB199F1FE565C27D26AF0C390A38DA158E0D8815EFE1103E
                                                              SHA-512:6F268148F959693EE213DB7D3DB136B8E3AD1F80267D8CBD7D5429C021ADACCC9C14424C09D527E181B9C9B5EA41765AFF568B9630E4EB83BFC532E56DFE5B63
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26216
                                                              Entropy (8bit):4.866487428274293
                                                              Encrypted:false
                                                              SSDEEP:192:gaNYPvVX8rFTsCWqhWVWEXCVWQ4mWPJlBLrp0KBQfX01k9z3ALkBw:WPvVX8WqhWiyBRxB+R9z2kBw
                                                              MD5:EFAD0EE0136532E8E8402770A64C71F9
                                                              SHA1:CDA3774FE9781400792D8605869F4E6B08153E55
                                                              SHA-256:3D2C55902385381869DB850B526261DDEB4628B83E690A32B67D2E0936B2C6ED
                                                              SHA-512:69D25EDF0F4C8AC5D77CB5815DFB53EAC7F403DC8D11BFE336A545C19A19FFDE1031FA59019507D119E4570DA0D79B95351EAC697F46024B4E558A0FF6349852
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.619913450163593
                                                              Encrypted:false
                                                              SSDEEP:192:iDGaWqhWhWJWadJCsVWQ4mWd9afKUSIX01k9z3AEXzAU9:i6aWqhWACs92IR9z5EU9
                                                              MD5:1C58526D681EFE507DEB8F1935C75487
                                                              SHA1:0E6D328FAF3563F2AAE029BC5F2272FB7A742672
                                                              SHA-256:EF13DCE8F71173315DFC64AB839B033AB19A968EE15230E9D4D2C9D558EFEEE2
                                                              SHA-512:8EDB9A0022F417648E2ECE9E22C96E2727976332025C3E7D8F15BCF6D7D97E680D1BF008EB28E2E0BD57787DCBB71D38B2DEB995B8EDC35FA6852AB1D593F3D1
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):18696
                                                              Entropy (8bit):7.054510010549814
                                                              Encrypted:false
                                                              SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                              MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                              SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                              SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                              SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.625331165566263
                                                              Encrypted:false
                                                              SSDEEP:192:qzWqhWxWJWadJCsVWQ4mW8RJLNVAv+cQ0GX01k9z3ARo8ef3uBJu:qzWqhWwCsjNbZR9zQoEzu
                                                              MD5:E89CDCD4D95CDA04E4ABBA8193A5B492
                                                              SHA1:5C0AEE81F32D7F9EC9F0650239EE58880C9B0337
                                                              SHA-256:1A489E0606484BD71A0D9CB37A1DC6CA8437777B3D67BFC8C0075D0CC59E6238
                                                              SHA-512:55D01E68C8C899E99A3C62C2C36D6BCB1A66FF6ECD2636D2D0157409A1F53A84CE5D6F0C703D5ED47F8E9E2D1C9D2D87CC52585EE624A23D92183062C999B97E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.737397647066978
                                                              Encrypted:false
                                                              SSDEEP:192:OdxlZWqhWcWJWadJCsVWQ4mWlhtFyttuX01k9z3A2oD:OdxlZWqhWpCsctkSR9zfoD
                                                              MD5:ACCC640D1B06FB8552FE02F823126FF5
                                                              SHA1:82CCC763D62660BFA8B8A09E566120D469F6AB67
                                                              SHA-256:332BA469AE84AA72EC8CCE2B33781DB1AB81A42ECE5863F7A3CB5A990059594F
                                                              SHA-512:6382302FB7158FC9F2BE790811E5C459C5C441F8CAEE63DF1E09B203B8077A27E023C4C01957B252AC8AC288F8310BCEE5B4DCC1F7FC691458B90CDFAA36DCBE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.6569647133331316
                                                              Encrypted:false
                                                              SSDEEP:192:dwWqhWWWEXCVWQ4mWLnySfKUSIX01k9z3AEXz5SLaDa3:iWqhWJhY2IR9z5YLt3
                                                              MD5:C6024CC04201312F7688A021D25B056D
                                                              SHA1:48A1D01AE8BC90F889FB5F09C0D2A0602EE4B0FD
                                                              SHA-256:8751D30DF554AF08EF42D2FAA0A71ABCF8C7D17CE9E9FF2EA68A4662603EC500
                                                              SHA-512:D86C773416B332945ACBB95CBE90E16730EF8E16B7F3CCD459D7131485760C2F07E95951AEB47C1CF29DE76AFFEB1C21BDF6D8260845E32205FE8411ED5EFA47
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.882042129450427
                                                              Encrypted:false
                                                              SSDEEP:192:9TvuBL3BBLAWqhWUWEXCVWQ4iWgdCLVx6RMySX01k9z3AzaXQ+BB:9TvuBL3BaWqhW/WSMR9zqaP
                                                              MD5:1F2A00E72BC8FA2BD887BDB651ED6DE5
                                                              SHA1:04D92E41CE002251CC09C297CF2B38C4263709EA
                                                              SHA-256:9C8A08A7D40B6F697A21054770F1AFA9FFB197F90EF1EEE77C67751DF28B7142
                                                              SHA-512:8CF72DF019F9FC9CD22FF77C37A563652BECEE0708FF5C6F1DA87317F41037909E64DCBDCC43E890C5777E6BCFA4035A27AFC1AEEB0F5DEBA878E3E9AEF7B02A
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):5.355894399765837
                                                              Encrypted:false
                                                              SSDEEP:384:0naOMw3zdp3bwjGzue9/0jCRrndbnWqhW5lFydVXC4deR9zVj7xR:FOMwBprwjGzue9/0jCRrndbtGydVXC4O
                                                              MD5:724223109E49CB01D61D63A8BE926B8F
                                                              SHA1:072A4D01E01DBBAB7281D9BD3ADD76F9A3C8B23B
                                                              SHA-256:4E975F618DF01A492AE433DFF0DD713774D47568E44C377CEEF9E5B34AAD1210
                                                              SHA-512:19B0065B894DC66C30A602C9464F118E7F84D83010E74457D48E93AACA4422812B093B15247B24D5C398B42EF0319108700543D13F156067B169CCFB4D7B6B7C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.771309314175772
                                                              Encrypted:false
                                                              SSDEEP:192:L0WqhWTWEXCVWQ4cRWdmjKDUX01k9z3AQyMX/7kn:L0WqhWol1pR9zzDY
                                                              MD5:3C38AAC78B7CE7F94F4916372800E242
                                                              SHA1:C793186BCF8FDB55A1B74568102B4E073F6971D6
                                                              SHA-256:3F81A149BA3862776AF307D5C7FEEF978F258196F0A1BF909DA2D3F440FF954D
                                                              SHA-512:C2746AA4342C6AFFFBD174819440E1BBF4371A7FED29738801C75B49E2F4F94FD6D013E002BAD2AADAFBC477171B8332C8C5579D624684EF1AFBFDE9384B8588
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.7115212149950185
                                                              Encrypted:false
                                                              SSDEEP:192:bWqhWUxWJWadJCsVWQ4mW5iFyttuX01k9z3A2EC:bWqhWUwCs8SR9zfEC
                                                              MD5:321A3CA50E80795018D55A19BF799197
                                                              SHA1:DF2D3C95FB4CBB298D255D342F204121D9D7EF7F
                                                              SHA-256:5476DB3A4FECF532F96D48F9802C966FDEF98EC8D89978A79540CB4DB352C15F
                                                              SHA-512:3EC20E1AC39A98CB5F726D8390C2EE3CD4CD0BF118FDDA7271F7604A4946D78778713B675D19DD3E1EC1D6D4D097ABE9CD6D0F76B3A7DFF53CE8D6DBC146870A
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.893761152454321
                                                              Encrypted:false
                                                              SSDEEP:192:dEFP2WqhWVWEXCVWQ4mW68vx6RMySX01k9z3AzapOP:eF+WqhWi6gMR9zqa0
                                                              MD5:0462E22F779295446CD0B63E61142CA5
                                                              SHA1:616A325CD5B0971821571B880907CE1B181126AE
                                                              SHA-256:0B6B598EC28A9E3D646F2BB37E1A57A3DDA069A55FBA86333727719585B1886E
                                                              SHA-512:07B34DCA6B3078F7D1E8EDE5C639F697C71210DCF9F05212FD16EB181AB4AC62286BC4A7CE0D84832C17F5916D0224D1E8AAB210CEEFF811FC6724C8845A74FE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):5.231196901820079
                                                              Encrypted:false
                                                              SSDEEP:192:/Mck1JzX9cKSI0WqhWsWJWadJCsVWQ4mWClLeyttuX01k9z3A2XCJq:Uck1JzNcKSI0WqhWZCsvfSR9zfyk
                                                              MD5:C3632083B312C184CBDD96551FED5519
                                                              SHA1:A93E8E0AF42A144009727D2DECB337F963A9312E
                                                              SHA-256:BE8D78978D81555554786E08CE474F6AF1DE96FCB7FA2F1CE4052BC80C6B2125
                                                              SHA-512:8807C2444A044A3C02EF98CF56013285F07C4A1F7014200A21E20FCB995178BA835C30AC3889311E66BC61641D6226B1FF96331B019C83B6FCC7C87870CCE8C4
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.799245167892134
                                                              Encrypted:false
                                                              SSDEEP:192:R0DfIeUWqhWLWJWadJCsVWQ4mWFVyttuX01k9z3A2YHmp:R0DfIeUWqhWiCsLSR9zfYHmp
                                                              MD5:517EB9E2CB671AE49F99173D7F7CE43F
                                                              SHA1:4CCF38FED56166DDBF0B7EFB4F5314C1F7D3B7AB
                                                              SHA-256:57CC66BF0909C430364D35D92B64EB8B6A15DC201765403725FE323F39E8AC54
                                                              SHA-512:492BE2445B10F6BFE6C561C1FC6F5D1AF6D1365B7449BC57A8F073B44AE49C88E66841F5C258B041547FCD33CBDCB4EB9DD3E24F0924DB32720E51651E9286BE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.587063911311469
                                                              Encrypted:false
                                                              SSDEEP:192:fWqhWeWJWadJCsVWQ4mWMs7DENNVAv+cQ0GX01k9z3ARoIGA/:fWqhWbCs8oNbZR9zQoxS
                                                              MD5:F3FF2D544F5CD9E66BFB8D170B661673
                                                              SHA1:9E18107CFCD89F1BBB7FDAF65234C1DC8E614ADD
                                                              SHA-256:E1C5D8984A674925FA4AFBFE58228BE5323FE5123ABCD17EC4160295875A625F
                                                              SHA-512:184B09C77D079127580EF80EB34BDED0F5E874CEFBE1C5F851D86861E38967B995D859E8491FCC87508930DC06C6BBF02B649B3B489A1B138C51A7D4B4E7AAAD
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.754374422741657
                                                              Encrypted:false
                                                              SSDEEP:192:CGeVPWqhWUWJWadJCsVWQ4mWUhSqyttuX01k9z3A2lqn7cq:CGeVPWqhWBCsvoSR9zflBq
                                                              MD5:A0C2DBE0F5E18D1ADD0D1BA22580893B
                                                              SHA1:29624DF37151905467A223486500ED75617A1DFD
                                                              SHA-256:3C29730DF2B28985A30D9C82092A1FAA0CEB7FFC1BD857D1EF6324CF5524802F
                                                              SHA-512:3E627F111196009380D1687E024E6FFB1C0DCF4DCB27F8940F17FEC7EFDD8152FF365B43CB7FDB31DE300955D6C15E40A2C8FB6650A91706D7EA1C5D89319B12
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.664553499673792
                                                              Encrypted:false
                                                              SSDEEP:192:mZyMvr5WqhWAWJWadJCsVWQ4mWWqpNVAv+cQ0GX01k9z3ARo+GZ:mZyMvlWqhWNCsUpNbZR9zQo+GZ
                                                              MD5:2666581584BA60D48716420A6080ABDA
                                                              SHA1:C103F0EA32EBBC50F4C494BCE7595F2B721CB5AD
                                                              SHA-256:27E9D3E7C8756E4512932D674A738BF4C2969F834D65B2B79C342A22F662F328
                                                              SHA-512:BEFED15F11A0550D2859094CC15526B791DADEA12C2E7CEB35916983FB7A100D89D638FB1704975464302FAE1E1A37F36E01E4BEF5BC4924AB8F3FD41E60BD0C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):5.146069394118203
                                                              Encrypted:false
                                                              SSDEEP:384:vUwidv3V0dfpkXc0vVaCsWqhWjCsa2IR9z5Bk5l:sHdv3VqpkXc0vVaP+U9zzk5l
                                                              MD5:225D9F80F669CE452CA35E47AF94893F
                                                              SHA1:37BD0FFC8E820247BD4DB1C36C3B9F9F686BBD50
                                                              SHA-256:61C0EBE60CE6EBABCB927DDFF837A9BF17E14CD4B4C762AB709E630576EC7232
                                                              SHA-512:2F71A3471A9868F4D026C01E4258AFF7192872590F5E5C66AABD3C088644D28629BA8835F3A4A23825631004B1AFD440EFE7161BB9FC7D7C69E0EE204813CA7B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.834520503429805
                                                              Encrypted:false
                                                              SSDEEP:192:etZ3xWqhWqWJWadJCsVWQ4mWfH/fKUSIX01k9z3AEXz40OY:etZ3xWqhWHCsMH2IR9z5OY
                                                              MD5:1281E9D1750431D2FE3B480A8175D45C
                                                              SHA1:BC982D1C750B88DCB4410739E057A86FF02D07EF
                                                              SHA-256:433BD8DDC4F79AEE65CA94A54286D75E7D92B019853A883E51C2B938D2469BAA
                                                              SHA-512:A954E6CE76F1375A8BEAC51D751B575BBC0B0B8BA6AA793402B26404E45718165199C2C00CCBCBA3783C16BDD96F0B2C17ADDCC619C39C8031BECEBEF428CE77
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.916367637528538
                                                              Encrypted:false
                                                              SSDEEP:192:qaIMFSYWqhWzWJWadJCsVWQ4mW14LyttuX01k9z3A2ClV:qdYWqhWqCsISR9zfCT
                                                              MD5:FD46C3F6361E79B8616F56B22D935A53
                                                              SHA1:107F488AD966633579D8EC5EB1919541F07532CE
                                                              SHA-256:0DC92E8830BC84337DCAE19EF03A84EF5279CF7D4FDC2442C1BC25320369F9DF
                                                              SHA-512:3360B2E2A25D545CCD969F305C4668C6CDA443BBDBD8A8356FFE9FBC2F70D90CF4540F2F28C9ED3EEA6C9074F94E69746E7705E6254827E6A4F158A75D81065B
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.829681745003914
                                                              Encrypted:false
                                                              SSDEEP:192:HNpWqhW5WJWadJCsVWQ4mWbZyttuX01k9z3A2qkFU:HXWqhW4Cs1SR9zf9U
                                                              MD5:D12403EE11359259BA2B0706E5E5111C
                                                              SHA1:03CC7827A30FD1DEE38665C0CC993B4B533AC138
                                                              SHA-256:F60E1751A6AC41F08E46480BF8E6521B41E2E427803996B32BDC5E78E9560781
                                                              SHA-512:9004F4E59835AF57F02E8D9625814DB56F0E4A98467041DA6F1367EF32366AD96E0338D48FFF7CC65839A24148E2D9989883BCDDC329D9F4D27CAE3F843117D0
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.612408827336625
                                                              Encrypted:false
                                                              SSDEEP:192:CWqhW+WJWadJCsVWQ4mWprgfKUSIX01k9z3AEXzh:CWqhW7Cs12IR9z5F
                                                              MD5:0F129611A4F1E7752F3671C9AA6EA736
                                                              SHA1:40C07A94045B17DAE8A02C1D2B49301FAD231152
                                                              SHA-256:2E1F090ABA941B9D2D503E4CD735C958DF7BB68F1E9BDC3F47692E1571AAAC2F
                                                              SHA-512:6ABC0F4878BB302713755A188F662C6FE162EA6267E5E1C497C9BA9FDDBDAEA4DB050E322CB1C77D6638ECF1DAD940B9EBC92C43ACAA594040EE58D313CBCFAE
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.918215004381039
                                                              Encrypted:false
                                                              SSDEEP:192:OvMWqhWkWJWadJCsVWQ4mWoz/HyttuX01k9z3A21O:JWqhWxCs/SSR9zf1O
                                                              MD5:D4FBA5A92D68916EC17104E09D1D9D12
                                                              SHA1:247DBC625B72FFB0BF546B17FB4DE10CAD38D495
                                                              SHA-256:93619259328A264287AEE7C5B88F7F0EE32425D7323CE5DC5A2EF4FE3BED90D5
                                                              SHA-512:D5A535F881C09F37E0ADF3B58D41E123F527D081A1EBECD9A927664582AE268341771728DC967C30908E502B49F6F853EEAEBB56580B947A629EDC6BCE2340D8
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26216
                                                              Entropy (8bit):4.882777558752248
                                                              Encrypted:false
                                                              SSDEEP:192:I9cy5WqhWKWEXCVWQ4mW1pbm6yttuX01k9z3A2jyM:Ry5WqhWdcbmLSR9zfjj
                                                              MD5:EDF71C5C232F5F6EF3849450F2100B54
                                                              SHA1:ED46DA7D59811B566DD438FA1D09C20F5DC493CE
                                                              SHA-256:B987AB40CDD950EBE7A9A9176B80B8FFFC005CCD370BB1CBBCAD078C1A506BDC
                                                              SHA-512:481A3C8DC5BEF793EE78CE85EC0F193E3E9F6CD57868B813965B312BD0FADEB5F4419707CD3004FBDB407652101D52E061EF84317E8BD458979443E9F8E4079A
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.738587310329139
                                                              Encrypted:false
                                                              SSDEEP:192:TWqhWXWEXCVWQ4mWPXTNyttuX01k9z3A2dGxr:TWqhWMKASR9zfYxr
                                                              MD5:F9235935DD3BA2AA66D3AA3412ACCFBF
                                                              SHA1:281E548B526411BCB3813EB98462F48FFAF4B3EB
                                                              SHA-256:2F6BD6C235E044755D5707BD560A6AFC0BA712437530F76D11079D67C0CF3200
                                                              SHA-512:AD0C0A7891FB8328F6F0CF1DDC97523A317D727C15D15498AFA53C07610210D2610DB4BC9BD25958D47ADC1AF829AD4D7CF8AABCAB3625C783177CCDB7714246
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):5.202163846121633
                                                              Encrypted:false
                                                              SSDEEP:192:2pUEpnWlC0i5CBWqhWXLeWEXCVWQ4iW+/x6RMySX01k9z3Aza8Az629:2ptnWm5CBWqhWtWMR9zqaH629
                                                              MD5:5107487B726BDCC7B9F7E4C2FF7F907C
                                                              SHA1:EBC46221D3C81A409FAB9815C4215AD5DA62449C
                                                              SHA-256:94A86E28E829276974E01F8A15787FDE6ED699C8B9DC26F16A51765C86C3EADE
                                                              SHA-512:A0009B80AD6A928580F2B476C1BDF4352B0611BB3A180418F2A42CFA7A03B9F0575ED75EC855D30B26E0CCA96A6DA8AFFB54862B6B9AFF33710D2F3129283FAA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.866983142029453
                                                              Encrypted:false
                                                              SSDEEP:192:0vh8Y17aFBRsWqhW9AWEXCVWQ4mWCB4Lrp0KBQfX01k9z3ALkg5Z7:SL5WqhW9boRxB+R9z2kM7
                                                              MD5:D5D77669BD8D382EC474BE0608AFD03F
                                                              SHA1:1558F5A0F5FACC79D3957FF1E72A608766E11A64
                                                              SHA-256:8DD9218998B4C4C9E8D8B0F8B9611D49419B3C80DAA2F437CBF15BCFD4C0B3B8
                                                              SHA-512:8DEFA71772105FD9128A669F6FF19B6FE47745A0305BEB9A8CADB672ED087077F7538CD56E39329F7DAA37797A96469EAE7CD5E4CCA57C9A183B35BDC44182F3
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.828044267819929
                                                              Encrypted:false
                                                              SSDEEP:192:dUnWqhWRWJWadJCsVWQ4mW+2PyttuX01k9z3A23y:cWqhWQCsHSR9zf3y
                                                              MD5:650435E39D38160ABC3973514D6C6640
                                                              SHA1:9A5591C29E4D91EAA0F12AD603AF05BB49708A2D
                                                              SHA-256:551A34C400522957063A2D71FA5ABA1CD78CC4F61F0ACE1CD42CC72118C500C0
                                                              SHA-512:7B4A8F86D583562956593D27B7ECB695CB24AB7192A94361F994FADBA7A488375217755E7ED5071DE1D0960F60F255AA305E9DD477C38B7BB70AC545082C9D5E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):30328
                                                              Entropy (8bit):5.14173409150951
                                                              Encrypted:false
                                                              SSDEEP:384:r7yaFM4Oe59Ckb1hgmLVWqhW2CsWNbZR9zQoekS:/FMq59Bb1jnoFT9zGp
                                                              MD5:B8F0210C47847FC6EC9FBE2A1AD4DEBB
                                                              SHA1:E99D833AE730BE1FEDC826BF1569C26F30DA0D17
                                                              SHA-256:1C4A70A73096B64B536BE8132ED402BCFB182C01B8A451BFF452EFE36DDF76E7
                                                              SHA-512:992D790E18AC7AE33958F53D458D15BFF522A3C11A6BD7EE2F784AC16399DE8B9F0A7EE896D9F2C96D1E2C8829B2F35FF11FC5D8D1B14C77E22D859A1387797C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):4.883012715268179
                                                              Encrypted:false
                                                              SSDEEP:192:5eXrqjd7ZWqhW3WEXCVWQ4mW3Ql1Lrp0KBQfX01k9z3ALkjY/12:54rgWqhWsP1RxB+R9z2kjY/Y
                                                              MD5:272C0F80FD132E434CDCDD4E184BB1D8
                                                              SHA1:5BC8B7260E690B4D4039FE27B48B2CECEC39652F
                                                              SHA-256:BD943767F3E0568E19FB52522217C22B6627B66A3B71CD38DD6653B50662F39D
                                                              SHA-512:94892A934A92EF1630FBFEA956D1FE3A3BFE687DEC31092828960968CB321C4AB3AF3CAF191D4E28C8CA6B8927FBC1EC5D17D5C8A962C848F4373602EC982CD4
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26208
                                                              Entropy (8bit):5.023753175006074
                                                              Encrypted:false
                                                              SSDEEP:192:4mGqX8mPrpJhhf4AN5/KiFWqhWyzWEXCVWQ4OW4034hHssDX01k9z3AaYX2cWo:4ysyr77WqhWyI0oFDR9z9YH9
                                                              MD5:20C0AFA78836B3F0B692C22F12BDA70A
                                                              SHA1:60BB74615A71BD6B489C500E6E69722F357D283E
                                                              SHA-256:962D725D089F140482EE9A8FF57F440A513387DD03FDC06B3A28562C8090C0BC
                                                              SHA-512:65F0E60136AB358661E5156B8ECD135182C8AAEFD3EC320ABDF9CFC8AEAB7B68581890E0BBC56BAD858B83D47B7A0143FA791195101DC3E2D78956F591641D16
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26232
                                                              Entropy (8bit):5.289041983400337
                                                              Encrypted:false
                                                              SSDEEP:192:UuV2OlkuWYFxEpahfWqhWNWJWadJCsVWQ4mWeX9UfKUSIX01k9z3AEXzGd5S:dV2oFVhfWqhWMCstE2IR9z5Sd5S
                                                              MD5:96498DC4C2C879055A7AFF2A1CC2451E
                                                              SHA1:FECBC0F854B1ADF49EF07BEACAD3CEC9358B4FB2
                                                              SHA-256:273817A137EE049CBD8E51DC0BB1C7987DF7E3BF4968940EE35376F87EF2EF8D
                                                              SHA-512:4E0B2EF0EFE81A8289A447EB48898992692FEEE4739CEB9D87F5598E449E0059B4E6F4EB19794B9DCDCE78C05C8871264797C14E4754FD73280F37EC3EA3C304
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):26232
                                                              Entropy (8bit):5.284932479906984
                                                              Encrypted:false
                                                              SSDEEP:384:tCLx0C5yguNvZ5VQgx3SbwA7yMVIkFGlTWqhWbQCsMSR9zful:tCV5yguNvZ5VQgx3SbwA71IkFGqHe9zI
                                                              MD5:115E8275EB570B02E72C0C8A156970B3
                                                              SHA1:C305868A014D8D7BBEF9ABBB1C49A70E8511D5A6
                                                              SHA-256:415025DCE5A086DBFFC4CF322E8EAD55CB45F6D946801F6F5193DF044DB2F004
                                                              SHA-512:B97EF7C5203A0105386E4949445350D8FF1C83BDEAEE71CCF8DC22F7F6D4F113CB0A9BE136717895C36EE8455778549F629BF8D8364109185C0BF28F3CB2B2CA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22120
                                                              Entropy (8bit):5.253102285412285
                                                              Encrypted:false
                                                              SSDEEP:192:mt3hwDGWqhWrWEXCVWQ4mWn+deyttuX01k9z3A23x:AWqhWgPSR9zfh
                                                              MD5:001E60F6BBF255A60A5EA542E6339706
                                                              SHA1:F9172EC37921432D5031758D0C644FE78CDB25FA
                                                              SHA-256:82FBA9BC21F77309A649EDC8E6FC1900F37E3FFCB45CD61E65E23840C505B945
                                                              SHA-512:B1A6DC5A34968FBDC8147D8403ADF8B800A06771CC9F15613F5CE874C29259A156BAB875AAE4CAAEC2117817CE79682A268AA6E037546AECA664CD4EEA60ADBF
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):22136
                                                              Entropy (8bit):4.810971823417463
                                                              Encrypted:false
                                                              SSDEEP:192:p/fHQduDWqhWJWJWadJCsVWQ4mWxrnyttuX01k9z3A2Yv6WT:p/ftWqhWoCsmySR9zfYvvT
                                                              MD5:A0776B3A28F7246B4A24FF1B2867BDBF
                                                              SHA1:383C9A6AFDA7C1E855E25055AAD00E92F9D6AAFF
                                                              SHA-256:2E554D9BF872A64D2CD0F0EB9D5A06DEA78548BC0C7A6F76E0A0C8C069F3C0A9
                                                              SHA-512:7C9F0F8E53B363EF5B2E56EEC95E7B78EC50E9308F34974A287784A1C69C9106F49EA2D9CA037F0A7B3C57620FCBB1C7C372F207C68167DF85797AFFC3D7F3BA
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                              Category:dropped
                                                              Size (bytes):1334069
                                                              Entropy (8bit):5.58784984725534
                                                              Encrypted:false
                                                              SSDEEP:12288:NttcY+bS4OmE1jc+fYNXPh26UZWAzLX7jOIqL3QtltIrdmoP0Hz1dc+4/BaYcUi:NttcY+NHSPL/eMKrdmoPuzFcaYcUi
                                                              MD5:55DF3C98D18EC80BC37A6682BA0ABCBB
                                                              SHA1:E3BF60CFECFEE2473D4E0B07057AF3C27AFA6567
                                                              SHA-256:D8DE678C0AC0CECB7BE261BDA75511C47E6A565F0C6260EACF240C7C5039753B
                                                              SHA-512:26368C9187155EE83C450BFC792938A2908C473BA60330CE95BCC3F780390043879BBFF3949BD4A25B38343EAC3C5C9BA709267959109C9C99A229809C97F3BD
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291528
                                                              Entropy (8bit):6.047650375646611
                                                              Encrypted:false
                                                              SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5NP:QWb/TRJLWURrI5RWavdF0J
                                                              MD5:181AC9A809B1A8F1BC39C1C5C777CF2A
                                                              SHA1:9341E715CEA2E6207329E7034365749FCA1F37DC
                                                              SHA-256:488BA960602BF07CC63F4EF7AEC108692FEC41820FC3328A8E3F3DE038149AEE
                                                              SHA-512:E19A92B94AEDCF1282B3EF561BD471EA19ED361334092C55D72425F9183EBD1D30A619E493841B6F75C629F26F28DC682960977941B486C59475F21CF86FFF85
                                                              Malicious:false
                                                              Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):10752
                                                              Entropy (8bit):4.674392865869017
                                                              Encrypted:false
                                                              SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                              MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                              SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                              SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                              SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):122880
                                                              Entropy (8bit):5.917175475547778
                                                              Encrypted:false
                                                              SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                              MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                              SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                              SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                              SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):5191960
                                                              Entropy (8bit):5.962142634441191
                                                              Encrypted:false
                                                              SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                              MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                              SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                              SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                              SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):787224
                                                              Entropy (8bit):5.609561366841894
                                                              Encrypted:false
                                                              SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                              MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                              SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                              SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                              SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6926616
                                                              Entropy (8bit):5.7675148099570395
                                                              Encrypted:false
                                                              SSDEEP:49152:PPknDqOJlpxSupRo2vXDZ2lgghXQIX2CG4Ts99kdwQAvyodh1GCOepxk1NHh8yfE:kdlpx9p5Loehv6JfDvXHDMiETH+0Tn
                                                              MD5:D521654D889666A0BC753320F071EF60
                                                              SHA1:5FD9B90C5D0527E53C199F94BAD540C1E0985DB6
                                                              SHA-256:21700F0BAD5769A1B61EA408DC0A140FFD0A356A774C6EB0CC70E574B929D2E2
                                                              SHA-512:7A726835423A36DE80FB29EF65DFE7150BD1567CAC6F3569E24D9FE091496C807556D0150456429A3D1A6FD2ED0B8AE3128EA3B8674C97F42CE7C897719D2CD3
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):31000
                                                              Entropy (8bit):6.554631307714331
                                                              Encrypted:false
                                                              SSDEEP:384:2RVBC9t6Lhz64wHqFslDT90YpISQGrHQIYiSy1pCQ+42AM+o/8E9VF0Nyes:YGyIHqG1HpISQG75YiSyvB2AMxkEp
                                                              MD5:D0CC9FC9A0650BA00BD206720223493B
                                                              SHA1:295BC204E489572B74CC11801ED8590F808E1618
                                                              SHA-256:411D6F538BDBAF60F1A1798FA8AA7ED3A4E8FCC99C9F9F10D21270D2F3742019
                                                              SHA-512:D3EBCB91D1B8AA247D50C2C4B2BA1BF3102317C593CBF6C63883E8BF9D6E50C0A40F149654797ABC5B4F17AEE282DDD972A8CD9189BFCD5B9CEC5AB9C341E20B
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1016584
                                                              Entropy (8bit):6.669319438805479
                                                              Encrypted:false
                                                              SSDEEP:24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
                                                              MD5:0E0BAC3D1DCC1833EAE4E3E4CF83C4EF
                                                              SHA1:4189F4459C54E69C6D3155A82524BDA7549A75A6
                                                              SHA-256:8A91052EF261B5FBF3223AE9CE789AF73DFE1E9B0BA5BDBC4D564870A24F2BAE
                                                              SHA-512:A45946E3971816F66DD7EA3788AACC384A9E95011500B458212DC104741315B85659E0D56A41570731D338BDF182141C093D3CED222C007038583CEB808E26FD
                                                              Malicious:false
                                                              Process:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1138456
                                                              Entropy (8bit):5.461934346955969
                                                              Encrypted:false
                                                              SSDEEP:12288:LrEHdcM6hbqCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAjL:LrEXPCjfk7bPNfv42BN6yzUAjL
                                                              MD5:CC8142BEDAFDFAA50B26C6D07755C7A6
                                                              SHA1:0FCAB5816EAF7B138F22C29C6D5B5F59551B39FE
                                                              SHA-256:BC2CF23B7B7491EDCF03103B78DBAF42AFD84A60EA71E764AF9A1DDD0FE84268
                                                              SHA-512:C3B0C1DBE5BF159AB7706F314A75A856A08EBB889F53FE22AB3EC92B35B5E211EDAB3934DF3DA64EBEA76F38EB9BFC9504DB8D7546A36BC3CABE40C5599A9CBD
                                                              Malicious:false
                                                              File type:PE32+ executable (console) x86-64, for MS Windows
                                                              Entropy (8bit):7.992724184250649
                                                              TrID:
                                                              • Win64 Executable Console (202006/5) 92.65%
                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                              • DOS Executable Generic (2002/1) 0.92%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:LKEAHetlG6.exe
                                                              File size:9'300'301 bytes
                                                              MD5:56407455f0d9001e20b5bb55aacedb69
                                                              SHA1:831304ec839bdc1fa40c71c48eb2ef3872ba28a7
                                                              SHA256:c4f3815a85c4c42379e5a5fadeddfd6a5c412ab48b628ad6d07d85eb5827a009
                                                              SHA512:e8e744bdb9e75d0e003139f99625b8c675d95189734ac3c5200e98b0c680a94852c7bb127dde1902e203a4d8b5b024df0f1f97ac8bb06e4c7769f01f065caa9d
                                                              SSDEEP:196608:d7Xg49UERBA1HeT39IigQh1ncKOVVtgSE37cdEtQtNQGxwKF:dr5q1+TtIiLv0VlCME6CO
                                                              TLSH:A796339173E20CF6E66B943B8471CF25EAA3BC584322C68F53D44AD32F531929D39B52
                                                              Icon Hash:2e1e7c4c4c61e979
                                                              Entrypoint:0x14000b4d0
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x140000000
                                                              Subsystem:windows cui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x66A00558 [Tue Jul 23 19:32:40 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:ba2fe82dbe3fc8bdddc26ef88c3ef15a
                                                              Name | Virtual Address | Virtual Size | Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d694 | 0x50 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a000 | 0xef8c | .rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x47000 | 0x22c8 | .pdata
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x59000 | 0x768 | .reloc
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3ac60 | 0x1c | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3ab20 | 0x140 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x2c000 | 0x398 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                              .text | 0x1000 | 0x2a2b0 | 0x2a400 | e053bf2f68c38f61c99aca86be7960dd | False | 0.5460082285502958 | data | 6.489919752629757 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                              .rdata | 0x2c000 | 0x1233a | 0x12400 | 2f1755e05d4519a381ed55b58399a0f3 | False | 0.5267417594178082 | data | 5.783019917218662 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .data | 0x3f000 | 0x73e8 | 0xe00 | 0a0e29468eba7a0d037450c69e0a49c7 | False | 0.134765625 | data | 1.846104717976044 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                              .pdata | 0x47000 | 0x22c8 | 0x2400 | 0c9766474f47260d6400d369145300b2 | False | 0.4747178819444444 | data | 5.345499890484728 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .rsrc | 0x4a000 | 0xef8c | 0xf000 | 182535996cad843065a3dadaf64df887 | False | 0.8010091145833333 | data | 7.350145587019619 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                              .reloc | 0x59000 | 0x768 | 0x800 | 20f278305f39ce7b0fa7b6fef8861e19 | False | 0.52099609375 | data | 5.224382024500949 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                              RT_ICON | 0x4a208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.56636460554371
                                                              RT_ICON | 0x4b0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7287906137184116
                                                              RT_ICON | 0x4b958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.7471098265895953
                                                              RT_ICON | 0x4bec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9971636186822983
                                                              RT_ICON | 0x54f5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.38309128630705397
                                                              RT_ICON | 0x57504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4826454033771107
                                                              RT_ICON | 0x585ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.699468085106383
                                                              RT_GROUP_ICON | 0x58a14 | 0x68 | data | | | 0.7019230769230769
                                                              RT_MANIFEST | 0x58a7c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
                                                              DLL | Import
                                                              USER32.dll | GetWindowThreadProcessId, ShowWindow
                                                              KERNEL32.dll | GetModuleFileNameW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, WaitForSingleObject, FormatMessageW, GetCurrentProcess, GetCurrentProcessId, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, LocalFree, SetConsoleCtrlHandler, GetConsoleWindow, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, HeapReAlloc, GetLastError, WriteConsoleW, SetEndOfFile, Sleep, EnterCriticalSection, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableW, GetFileAttributesExW, GetStringTypeW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize
                                                              ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW
                                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Aug 3, 2024 09:57:06.489041090 CEST | 53497 | 53 | 192.168.2.5 | 1.1.1.1
                                                              Aug 3, 2024 09:57:06.496846914 CEST | 53 | 53497 | 1.1.1.1 | 192.168.2.5
                                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                              Aug 3, 2024 09:57:06.489041090 CEST | 192.168.2.5 | 1.1.1.1 | 0xa5c0 | Standard query (0) | f005.backblazeb2.com | A (IP address) | IN (0x0001) | false
                                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                              Aug 3, 2024 09:57:06.496846914 CEST | 1.1.1.1 | 192.168.2.5 | 0xa5c0 | No error (0) | f005.backblazeb2.com | | 149.137.136.16 | A (IP address) | IN (0x0001) | false

                                                              Target ID:0
                                                              Start time:03:56:59
                                                              Start date:03/08/2024
                                                              Path:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\LKEAHetlG6.exe"
                                                              Imagebase:0x7ff7e5d60000
                                                              File size:9'300'301 bytes
                                                              MD5 hash:56407455F0D9001E20B5BB55AACEDB69
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:1
                                                              Start time:03:56:59
                                                              Start date:03/08/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6d64d0000
                                                              File size:862'208 bytes
                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:03:57:01
                                                              Start date:03/08/2024
                                                              Path:C:\Users\user\Desktop\LKEAHetlG6.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\LKEAHetlG6.exe"
                                                              Imagebase:0x7ff7e5d60000
                                                              File size:9'300'301 bytes
                                                              MD5 hash:56407455F0D9001E20B5BB55AACEDB69
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:03:57:06
                                                              Start date:03/08/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\cmd.exe /c "kdmapper.exe drv.sys"
                                                              Imagebase:0x7ff6c69f0000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                                Execution Graph

                                                                Execution Coverage:9.3%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:8.8%
                                                                Total number of Nodes:2000
                                                                Total number of Limit Nodes:40
17707->17711 17709 7ff7e5d70727 17708->17709 17710 7ff7e5d6f2a8 12 API calls 17708->17710 17709->17633 17710->17709 17712 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17711->17712 17712->17709 17714 7ff7e5d7eb58 17713->17714 17716 7ff7e5d743c0 45 API calls 17714->17716 17717 7ff7e5d7eb9d 17714->17717 17719 7ff7e5d7eb5d memcpy_s 17714->17719 17721 7ff7e5d7eb86 memcpy_s 17714->17721 17715 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17715->17719 17716->17717 17717->17719 17717->17721 17795 7ff7e5d80b78 17717->17795 17719->17633 17721->17715 17721->17719 17724 7ff7e5d6f2df 17723->17724 17725 7ff7e5d6f2ce 17723->17725 17724->17725 17726 7ff7e5d7d8d4 _fread_nolock 12 API calls 17724->17726 17731 7ff7e5d7e848 17725->17731 17727 7ff7e5d6f30c 17726->17727 17728 7ff7e5d6f320 17727->17728 17729 7ff7e5d7a574 __free_lconv_num 11 API calls 17727->17729 17730 7ff7e5d7a574 __free_lconv_num 11 API calls 17728->17730 17729->17728 17730->17725 17732 7ff7e5d7e898 17731->17732 17733 7ff7e5d7e865 17731->17733 17732->17733 17736 7ff7e5d7e8ca 17732->17736 17734 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17733->17734 17735 7ff7e5d73c3d 17734->17735 17735->17680 17735->17682 17742 7ff7e5d7e9dd 17736->17742 17746 7ff7e5d7e912 17736->17746 17737 7ff7e5d7eacf 17786 7ff7e5d7dd34 17737->17786 17739 7ff7e5d7ea95 17779 7ff7e5d7e0cc 17739->17779 17741 7ff7e5d7ea64 17772 7ff7e5d7e3ac 17741->17772 17742->17737 17742->17739 17742->17741 17743 7ff7e5d7ea27 17742->17743 17745 7ff7e5d7ea1d 17742->17745 17762 7ff7e5d7e5dc 17743->17762 17745->17739 17748 7ff7e5d7ea22 17745->17748 17746->17735 17753 7ff7e5d7a4bc 17746->17753 17748->17741 17748->17743 17751 7ff7e5d7a954 _isindst 17 API calls 17752 7ff7e5d7eb2c 17751->17752 17754 7ff7e5d7a4c9 17753->17754 17755 7ff7e5d7a4d3 17753->17755 17754->17755 17760 7ff7e5d7a4ee 17754->17760 17756 7ff7e5d7b598 _set_fmode 11 API calls 17755->17756 17757 7ff7e5d7a4da 17756->17757 17758 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 
17757->17758 17759 7ff7e5d7a4e6 17758->17759 17759->17735 17759->17751 17760->17759 17761 7ff7e5d7b598 _set_fmode 11 API calls 17760->17761 17761->17757 17763 7ff7e5d8443c 38 API calls 17762->17763 17764 7ff7e5d7e629 17763->17764 17765 7ff7e5d83e84 37 API calls 17764->17765 17766 7ff7e5d7e684 17765->17766 17767 7ff7e5d7e6d9 17766->17767 17769 7ff7e5d7e6a4 17766->17769 17771 7ff7e5d7e688 17766->17771 17768 7ff7e5d7e1c8 45 API calls 17767->17768 17768->17771 17770 7ff7e5d7e484 45 API calls 17769->17770 17770->17771 17771->17735 17773 7ff7e5d8443c 38 API calls 17772->17773 17774 7ff7e5d7e3f6 17773->17774 17775 7ff7e5d83e84 37 API calls 17774->17775 17776 7ff7e5d7e446 17775->17776 17777 7ff7e5d7e44a 17776->17777 17778 7ff7e5d7e484 45 API calls 17776->17778 17777->17735 17778->17777 17780 7ff7e5d8443c 38 API calls 17779->17780 17781 7ff7e5d7e117 17780->17781 17782 7ff7e5d83e84 37 API calls 17781->17782 17783 7ff7e5d7e16f 17782->17783 17784 7ff7e5d7e173 17783->17784 17785 7ff7e5d7e1c8 45 API calls 17783->17785 17784->17735 17785->17784 17787 7ff7e5d7ddac 17786->17787 17788 7ff7e5d7dd79 17786->17788 17790 7ff7e5d7ddc4 17787->17790 17792 7ff7e5d7de45 17787->17792 17789 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17788->17789 17794 7ff7e5d7dda5 memcpy_s 17789->17794 17791 7ff7e5d7e0cc 46 API calls 17790->17791 17791->17794 17793 7ff7e5d743c0 45 API calls 17792->17793 17792->17794 17793->17794 17794->17735 17797 7ff7e5d80b9c WideCharToMultiByte 17795->17797 17799 7ff7e5d6f47b 17798->17799 17800 7ff7e5d6f469 17798->17800 17802 7ff7e5d6f488 17799->17802 17807 7ff7e5d6f4c5 17799->17807 17801 7ff7e5d7b598 _set_fmode 11 API calls 17800->17801 17803 7ff7e5d6f46e 17801->17803 17805 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17802->17805 17804 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 17803->17804 17806 7ff7e5d6f479 17804->17806 17805->17806 17806->17605 17808 7ff7e5d6f56e 17807->17808 17809 7ff7e5d7b598 _set_fmode 11 API calls 17807->17809 17808->17806 
17810 7ff7e5d7b598 _set_fmode 11 API calls 17808->17810 17811 7ff7e5d6f563 17809->17811 17812 7ff7e5d6f618 17810->17812 17813 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 17811->17813 17814 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 17812->17814 17813->17808 17814->17806 17816 7ff7e5d7dca9 17815->17816 17817 7ff7e5d743ff 17815->17817 17816->17817 17823 7ff7e5d83694 17816->17823 17819 7ff7e5d7dcfc 17817->17819 17820 7ff7e5d7440f 17819->17820 17821 7ff7e5d7dd15 17819->17821 17820->17605 17821->17820 17858 7ff7e5d829e0 17821->17858 17835 7ff7e5d7b160 GetLastError 17823->17835 17826 7ff7e5d836ee 17826->17817 17836 7ff7e5d7b184 FlsGetValue 17835->17836 17837 7ff7e5d7b1a1 FlsSetValue 17835->17837 17838 7ff7e5d7b191 17836->17838 17840 7ff7e5d7b19b 17836->17840 17837->17838 17839 7ff7e5d7b1b3 17837->17839 17841 7ff7e5d7b20d SetLastError 17838->17841 17842 7ff7e5d7f014 _set_fmode 11 API calls 17839->17842 17840->17837 17843 7ff7e5d7b22d 17841->17843 17844 7ff7e5d7b21a 17841->17844 17845 7ff7e5d7b1c2 17842->17845 17846 7ff7e5d7a51c __CxxCallCatchBlock 38 API calls 17843->17846 17844->17826 17857 7ff7e5d80668 EnterCriticalSection 17844->17857 17847 7ff7e5d7b1e0 FlsSetValue 17845->17847 17848 7ff7e5d7b1d0 FlsSetValue 17845->17848 17849 7ff7e5d7b232 17846->17849 17851 7ff7e5d7b1fe 17847->17851 17852 7ff7e5d7b1ec FlsSetValue 17847->17852 17850 7ff7e5d7b1d9 17848->17850 17853 7ff7e5d7a574 __free_lconv_num 11 API calls 17850->17853 17854 7ff7e5d7af0c _set_fmode 11 API calls 17851->17854 17852->17850 17853->17838 17855 7ff7e5d7b206 17854->17855 17856 7ff7e5d7a574 __free_lconv_num 11 API calls 17855->17856 17856->17841 17859 7ff7e5d7b160 __CxxCallCatchBlock 45 API calls 17858->17859 17860 7ff7e5d829e9 17859->17860 17862 7ff7e5d747f6 17861->17862 17863 7ff7e5d7482e 17862->17863 17865 7ff7e5d74861 17862->17865 17864 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17863->17864 17867 7ff7e5d74857 17864->17867 17868 7ff7e5d6f268 17865->17868 17867->17594 17875 
7ff7e5d7522c EnterCriticalSection 17868->17875 17889 7ff7e5d7845c EnterCriticalSection 17876->17889 17891 7ff7e5d782a4 17890->17891 17892 7ff7e5d78291 17890->17892 17900 7ff7e5d77f08 17891->17900 17893 7ff7e5d7b598 _set_fmode 11 API calls 17892->17893 17895 7ff7e5d78296 17893->17895 17897 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 17895->17897 17898 7ff7e5d782a2 17897->17898 17898->17258 17907 7ff7e5d80668 EnterCriticalSection 17900->17907 17909 7ff7e5d66e93 __std_exception_copy 17908->17909 17910 7ff7e5d66e11 GetTokenInformation 17908->17910 17913 7ff7e5d66eac 17909->17913 17914 7ff7e5d66ea6 CloseHandle 17909->17914 17911 7ff7e5d66e3d 17910->17911 17912 7ff7e5d66e32 GetLastError 17910->17912 17911->17909 17915 7ff7e5d66e59 GetTokenInformation 17911->17915 17912->17909 17912->17911 17913->17267 17914->17913 17915->17909 17916 7ff7e5d66e7c 17915->17916 17916->17909 17917 7ff7e5d66e86 ConvertSidToStringSidW 17916->17917 17917->17909 17919 7ff7e5d66ee5 17918->17919 17922 7ff7e5d74c68 17919->17922 17924 7ff7e5d74cc2 17922->17924 17923 7ff7e5d74ce7 17926 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17923->17926 17924->17923 17925 7ff7e5d74d23 17924->17925 17940 7ff7e5d71f58 17925->17940 17928 7ff7e5d74d11 17926->17928 17929 7ff7e5d6ac60 _log10_special 8 API calls 17928->17929 17932 7ff7e5d66f08 17929->17932 17930 7ff7e5d7a574 __free_lconv_num 11 API calls 17930->17928 17932->17273 17933 7ff7e5d74dd9 17937 7ff7e5d7a574 __free_lconv_num 11 API calls 17933->17937 17934 7ff7e5d74e2a 17936 7ff7e5d74e34 17934->17936 17938 7ff7e5d74e04 17934->17938 17935 7ff7e5d74dd0 17935->17933 17935->17938 17939 7ff7e5d7a574 __free_lconv_num 11 API calls 17936->17939 17937->17928 17938->17930 17939->17928 17941 7ff7e5d71f96 17940->17941 17942 7ff7e5d71f86 17940->17942 17943 7ff7e5d71f9f 17941->17943 17948 7ff7e5d71fcd 17941->17948 17944 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17942->17944 17945 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17943->17945 
17946 7ff7e5d71fc5 17944->17946 17945->17946 17946->17933 17946->17934 17946->17935 17946->17938 17948->17942 17948->17946 17951 7ff7e5d735a0 17948->17951 17984 7ff7e5d726f0 17948->17984 18021 7ff7e5d714e0 17948->18021 17952 7ff7e5d73653 17951->17952 17953 7ff7e5d735e2 17951->17953 17956 7ff7e5d736ac 17952->17956 17957 7ff7e5d73658 17952->17957 17954 7ff7e5d7367d 17953->17954 17955 7ff7e5d735e8 17953->17955 18040 7ff7e5d7047c 17954->18040 17958 7ff7e5d735ed 17955->17958 17959 7ff7e5d7361c 17955->17959 17962 7ff7e5d736b6 17956->17962 17963 7ff7e5d736c3 17956->17963 17968 7ff7e5d736bb 17956->17968 17960 7ff7e5d7368d 17957->17960 17961 7ff7e5d7365a 17957->17961 17958->17963 17965 7ff7e5d735f3 17958->17965 17959->17965 17959->17968 18047 7ff7e5d7006c 17960->18047 17966 7ff7e5d735fc 17961->17966 17972 7ff7e5d73669 17961->17972 17962->17954 17962->17968 18054 7ff7e5d742a8 17963->18054 17965->17966 17970 7ff7e5d73617 17965->17970 17973 7ff7e5d7362e 17965->17973 17982 7ff7e5d736ec 17966->17982 18024 7ff7e5d73d54 17966->18024 17968->17982 18058 7ff7e5d7088c 17968->18058 17980 7ff7e5d743c0 45 API calls 17970->17980 17970->17982 17983 7ff7e5d738d8 17970->17983 17972->17954 17975 7ff7e5d7366e 17972->17975 17973->17982 18034 7ff7e5d74090 17973->18034 17978 7ff7e5d74154 37 API calls 17975->17978 17975->17982 17977 7ff7e5d6ac60 _log10_special 8 API calls 17979 7ff7e5d739e6 17977->17979 17978->17970 17979->17948 17980->17983 17982->17977 17983->17982 18065 7ff7e5d7ece0 17983->18065 17985 7ff7e5d726fe 17984->17985 17986 7ff7e5d72714 17984->17986 17987 7ff7e5d73653 17985->17987 17988 7ff7e5d735e2 17985->17988 17990 7ff7e5d72754 17985->17990 17989 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 17986->17989 17986->17990 17993 7ff7e5d736ac 17987->17993 17994 7ff7e5d73658 17987->17994 17991 7ff7e5d7367d 17988->17991 17992 7ff7e5d735e8 17988->17992 17989->17990 17990->17948 18001 7ff7e5d7047c 38 API calls 17991->18001 17995 7ff7e5d735ed 17992->17995 17996 7ff7e5d7361c 17992->17996 
17999 7ff7e5d736b6 17993->17999 18000 7ff7e5d736c3 17993->18000 18006 7ff7e5d736bb 17993->18006 17997 7ff7e5d7368d 17994->17997 17998 7ff7e5d7365a 17994->17998 17995->18000 18002 7ff7e5d735f3 17995->18002 17996->18002 17996->18006 18004 7ff7e5d7006c 38 API calls 17997->18004 18003 7ff7e5d735fc 17998->18003 18008 7ff7e5d73669 17998->18008 17999->17991 17999->18006 18007 7ff7e5d742a8 45 API calls 18000->18007 18017 7ff7e5d73617 18001->18017 18002->18003 18009 7ff7e5d7362e 18002->18009 18002->18017 18005 7ff7e5d73d54 47 API calls 18003->18005 18019 7ff7e5d736ec 18003->18019 18004->18017 18005->18017 18010 7ff7e5d7088c 38 API calls 18006->18010 18006->18019 18007->18017 18008->17991 18011 7ff7e5d7366e 18008->18011 18012 7ff7e5d74090 46 API calls 18009->18012 18009->18019 18010->18017 18014 7ff7e5d74154 37 API calls 18011->18014 18011->18019 18012->18017 18013 7ff7e5d6ac60 _log10_special 8 API calls 18015 7ff7e5d739e6 18013->18015 18014->18017 18015->17948 18016 7ff7e5d743c0 45 API calls 18020 7ff7e5d738d8 18016->18020 18017->18016 18017->18019 18017->18020 18018 7ff7e5d7ece0 46 API calls 18018->18020 18019->18013 18020->18018 18020->18019 18099 7ff7e5d6f6f0 18021->18099 18025 7ff7e5d73d7a 18024->18025 18026 7ff7e5d6f2a8 12 API calls 18025->18026 18027 7ff7e5d73dca 18026->18027 18028 7ff7e5d7e848 46 API calls 18027->18028 18029 7ff7e5d73e9d 18028->18029 18030 7ff7e5d73ebf 18029->18030 18031 7ff7e5d743c0 45 API calls 18029->18031 18032 7ff7e5d743c0 45 API calls 18030->18032 18033 7ff7e5d73f4d 18030->18033 18031->18030 18032->18033 18033->17970 18036 7ff7e5d740c5 18034->18036 18035 7ff7e5d7410a 18035->17970 18036->18035 18037 7ff7e5d740e3 18036->18037 18038 7ff7e5d743c0 45 API calls 18036->18038 18039 7ff7e5d7ece0 46 API calls 18037->18039 18038->18037 18039->18035 18041 7ff7e5d704af 18040->18041 18042 7ff7e5d704de 18041->18042 18044 7ff7e5d7059b 18041->18044 18046 7ff7e5d7051b 18042->18046 18077 7ff7e5d6f350 18042->18077 18045 7ff7e5d7a868 _invalid_parameter_noinfo 37 
API calls 18044->18045 18045->18046 18046->17970 18049 7ff7e5d7009f 18047->18049 18048 7ff7e5d700ce 18050 7ff7e5d6f350 12 API calls 18048->18050 18053 7ff7e5d7010b 18048->18053 18049->18048 18051 7ff7e5d7018b 18049->18051 18050->18053 18052 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 18051->18052 18052->18053 18053->17970 18055 7ff7e5d742eb 18054->18055 18057 7ff7e5d742ef __crtLCMapStringW 18055->18057 18085 7ff7e5d74344 18055->18085 18057->17970 18059 7ff7e5d708bf 18058->18059 18060 7ff7e5d708ee 18059->18060 18062 7ff7e5d709ab 18059->18062 18061 7ff7e5d6f350 12 API calls 18060->18061 18064 7ff7e5d7092b 18060->18064 18061->18064 18063 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 18062->18063 18063->18064 18064->17970 18066 7ff7e5d7ed11 18065->18066 18072 7ff7e5d7ed1f 18065->18072 18067 7ff7e5d7ed3f 18066->18067 18068 7ff7e5d743c0 45 API calls 18066->18068 18066->18072 18069 7ff7e5d7ed77 18067->18069 18070 7ff7e5d7ed50 18067->18070 18068->18067 18069->18072 18073 7ff7e5d7ee02 18069->18073 18074 7ff7e5d7eda1 18069->18074 18089 7ff7e5d80430 18070->18089 18072->17983 18075 7ff7e5d7fc30 _fread_nolock MultiByteToWideChar 18073->18075 18074->18072 18092 7ff7e5d7fc30 18074->18092 18075->18072 18078 7ff7e5d6f376 18077->18078 18079 7ff7e5d6f387 18077->18079 18078->18046 18079->18078 18080 7ff7e5d7d8d4 _fread_nolock 12 API calls 18079->18080 18081 7ff7e5d6f3b8 18080->18081 18082 7ff7e5d6f3cc 18081->18082 18084 7ff7e5d7a574 __free_lconv_num 11 API calls 18081->18084 18083 7ff7e5d7a574 __free_lconv_num 11 API calls 18082->18083 18083->18078 18084->18082 18086 7ff7e5d74362 18085->18086 18088 7ff7e5d7436a 18085->18088 18087 7ff7e5d743c0 45 API calls 18086->18087 18087->18088 18088->18057 18095 7ff7e5d87118 18089->18095 18094 7ff7e5d7fc39 MultiByteToWideChar 18092->18094 18097 7ff7e5d8717c 18095->18097 18096 7ff7e5d6ac60 _log10_special 8 API calls 18098 7ff7e5d8044d 18096->18098 18097->18096 18098->18072 18100 7ff7e5d6f737 18099->18100 18101 7ff7e5d6f725 
18099->18101 18104 7ff7e5d6f745 18100->18104 18108 7ff7e5d6f781 18100->18108 18102 7ff7e5d7b598 _set_fmode 11 API calls 18101->18102 18103 7ff7e5d6f72a 18102->18103 18105 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 18103->18105 18106 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 18104->18106 18107 7ff7e5d6f735 18105->18107 18106->18107 18107->17948 18109 7ff7e5d6fafd 18108->18109 18111 7ff7e5d7b598 _set_fmode 11 API calls 18108->18111 18109->18107 18110 7ff7e5d7b598 _set_fmode 11 API calls 18109->18110 18112 7ff7e5d6fd91 18110->18112 18113 7ff7e5d6faf2 18111->18113 18114 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 18112->18114 18115 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 18113->18115 18114->18107 18115->18109 18117 7ff7e5d678d5 18116->18117 18118 7ff7e5d74c68 48 API calls 18117->18118 18119 7ff7e5d678f4 18118->18119 18119->17293 18155 7ff7e5d787e8 18120->18155 18124 7ff7e5d66a5c 18123->18124 18125 7ff7e5d67aa0 2 API calls 18124->18125 18126 7ff7e5d66a7b 18125->18126 18127 7ff7e5d66a83 18126->18127 18128 7ff7e5d66a96 ExpandEnvironmentStringsW 18126->18128 18129 7ff7e5d61e50 78 API calls 18127->18129 18130 7ff7e5d66abc __std_exception_copy 18128->18130 18131 7ff7e5d66a8f __std_exception_copy 18129->18131 18132 7ff7e5d66ad3 18130->18132 18133 7ff7e5d66ac0 18130->18133 18134 7ff7e5d6ac60 _log10_special 8 API calls 18131->18134 18137 7ff7e5d66b3f 18132->18137 18140 7ff7e5d66ae1 18132->18140 18135 7ff7e5d61e50 78 API calls 18133->18135 18136 7ff7e5d66c27 18134->18136 18135->18131 18136->17291 18136->17294 18293 7ff7e5d77e54 18137->18293 18138 7ff7e5d66b05 GetDriveTypeW 18141 7ff7e5d66b15 18138->18141 18142 7ff7e5d66b30 18138->18142 18140->18138 18140->18140 18145 7ff7e5d61e50 78 API calls 18141->18145 18286 7ff7e5d779b8 18142->18286 18143 7ff7e5d66b51 18145->18131 18196 7ff7e5d818e8 18155->18196 18255 7ff7e5d81660 18196->18255 18276 7ff7e5d80668 EnterCriticalSection 18255->18276 18287 7ff7e5d779d6 18286->18287 18290 7ff7e5d77a09 
18286->18290 18288 7ff7e5d80804 37 API calls 18287->18288 18287->18290 18289 7ff7e5d77a05 18288->18289 18289->18290 18291 7ff7e5d7a954 _isindst 17 API calls 18289->18291 18290->18131 18292 7ff7e5d77a39 18291->18292 18294 7ff7e5d77ede 18293->18294 18295 7ff7e5d77e70 18293->18295 18330 7ff7e5d80b50 18294->18330 18295->18294 18297 7ff7e5d77e75 18295->18297 18298 7ff7e5d77e8d 18297->18298 18299 7ff7e5d77eaa 18297->18299 18305 7ff7e5d77c24 GetFullPathNameW 18298->18305 18313 7ff7e5d77c98 GetFullPathNameW 18299->18313 18304 7ff7e5d77ea2 __std_exception_copy 18304->18143 18306 7ff7e5d77c4a GetLastError 18305->18306 18307 7ff7e5d77c60 18305->18307 18308 7ff7e5d7b50c _fread_nolock 11 API calls 18306->18308 18311 7ff7e5d7b598 _set_fmode 11 API calls 18307->18311 18312 7ff7e5d77c5c 18307->18312 18309 7ff7e5d77c57 18308->18309 18310 7ff7e5d7b598 _set_fmode 11 API calls 18309->18310 18310->18312 18311->18312 18312->18304 18314 7ff7e5d77ccb GetLastError 18313->18314 18317 7ff7e5d77ce1 __std_exception_copy 18313->18317 18315 7ff7e5d7b50c _fread_nolock 11 API calls 18314->18315 18316 7ff7e5d77cd8 18315->18316 18319 7ff7e5d7b598 _set_fmode 11 API calls 18316->18319 18318 7ff7e5d77cdd 18317->18318 18320 7ff7e5d77d3b GetFullPathNameW 18317->18320 18321 7ff7e5d77d70 18318->18321 18319->18318 18320->18314 18320->18318 18325 7ff7e5d77de4 memcpy_s 18321->18325 18326 7ff7e5d77d99 memcpy_s 18321->18326 18325->18304 18326->18325 18333 7ff7e5d80960 18330->18333 18334 7ff7e5d8098b 18333->18334 18335 7ff7e5d809a2 18333->18335 18336 7ff7e5d7b598 _set_fmode 11 API calls 18334->18336 18337 7ff7e5d809c7 18335->18337 18338 7ff7e5d809a6 18335->18338 18340 7ff7e5d80990 18336->18340 18371 7ff7e5d7f948 18337->18371 18359 7ff7e5d80acc 18338->18359 18344 7ff7e5d7a934 _invalid_parameter_noinfo 37 API calls 18340->18344 18358 7ff7e5d8099b __std_exception_copy 18344->18358 18360 7ff7e5d80b16 18359->18360 18361 7ff7e5d80ae6 18359->18361 18363 7ff7e5d80b21 GetDriveTypeW 18360->18363 18364 7ff7e5d80b01 
18360->18364 18362 7ff7e5d7b578 _fread_nolock 11 API calls 18361->18362 18363->18364 18385 7ff7e5d8a860 18371->18385 18374 7ff7e5d7f9bc 18375 7ff7e5d7f995 18386 7ff7e5d7f97e GetCurrentDirectoryW 18385->18386 18386->18374 18386->18375 18388 7ff7e5d631c0 108 API calls 18387->18388 18389 7ff7e5d61443 18388->18389 18390 7ff7e5d6146c 18389->18390 18391 7ff7e5d6144b 18389->18391 18392 7ff7e5d6ed7c 73 API calls 18390->18392 18393 7ff7e5d61df0 81 API calls 18391->18393 18395 7ff7e5d61481 18392->18395 18394 7ff7e5d6145b 18393->18394 18394->17326 18396 7ff7e5d61485 18395->18396 18397 7ff7e5d614a1 18395->18397 18398 7ff7e5d61db0 80 API calls 18396->18398 18399 7ff7e5d614d1 18397->18399 18400 7ff7e5d614b1 18397->18400 18409 7ff7e5d6149c __std_exception_copy 18398->18409 18403 7ff7e5d614d7 18399->18403 18404 7ff7e5d614ea 18399->18404 18401 7ff7e5d61db0 80 API calls 18400->18401 18401->18409 18402 7ff7e5d6e6f4 74 API calls 18405 7ff7e5d61564 18402->18405 18411 7ff7e5d611d0 18403->18411 18407 7ff7e5d6ea44 _fread_nolock 53 API calls 18404->18407 18408 7ff7e5d61576 18404->18408 18404->18409 18405->17326 18407->18404 18410 7ff7e5d61db0 80 API calls 18408->18410 18409->18402 18410->18409 18412 7ff7e5d61228 18411->18412 18413 7ff7e5d61257 18412->18413 18414 7ff7e5d6122f 18412->18414 18417 7ff7e5d6128d 18413->18417 18418 7ff7e5d61271 18413->18418 18415 7ff7e5d61df0 81 API calls 18414->18415 18416 7ff7e5d61242 18415->18416 18416->18409 18420 7ff7e5d6129f 18417->18420 18427 7ff7e5d612bb memcpy_s 18417->18427 18419 7ff7e5d61db0 80 API calls 18418->18419 18423 7ff7e5d61288 __std_exception_copy 18419->18423 18421 7ff7e5d61db0 80 API calls 18420->18421 18421->18423 18422 7ff7e5d6ea44 _fread_nolock 53 API calls 18422->18427 18423->18409 18424 7ff7e5d6137f 18425 7ff7e5d61df0 81 API calls 18424->18425 18425->18423 18427->18422 18427->18423 18427->18424 18428 7ff7e5d6e7b8 37 API calls 18427->18428 18429 7ff7e5d6f184 18427->18429 18428->18427 18430 7ff7e5d6f1b4 18429->18430 18433 7ff7e5d6eed4 
18430->18433 18432 7ff7e5d6f1d2 18432->18427 18434 7ff7e5d6eef4 18433->18434 18439 7ff7e5d6ef21 18433->18439 18435 7ff7e5d6eefe 18434->18435 18436 7ff7e5d6ef29 18434->18436 18434->18439 18438 7ff7e5d7a868 _invalid_parameter_noinfo 37 API calls 18435->18438 18440 7ff7e5d6ee14 18436->18440 18438->18439 18439->18432 18447 7ff7e5d7522c EnterCriticalSection 18440->18447 18449 7ff7e5d6316a 18448->18449 18450 7ff7e5d67aa0 2 API calls 18449->18450 18451 7ff7e5d6318f 18450->18451 18452 7ff7e5d6ac60 _log10_special 8 API calls 18451->18452 18453 7ff7e5d631b7 18452->18453 18453->17346 18455 7ff7e5d667be 18454->18455 18456 7ff7e5d668e2 18455->18456 18457 7ff7e5d61bd0 49 API calls 18455->18457 18458 7ff7e5d6ac60 _log10_special 8 API calls 18456->18458 18462 7ff7e5d66845 18457->18462 18459 7ff7e5d66913 18458->18459 18459->17346 18460 7ff7e5d61bd0 49 API calls 18460->18462 18461 7ff7e5d63160 10 API calls 18461->18462 18462->18456 18462->18460 18462->18461 18463 7ff7e5d67aa0 2 API calls 18462->18463 18464 7ff7e5d668b3 CreateDirectoryW 18463->18464 18464->18456 18464->18462 18466 7ff7e5d615d7 18465->18466 18467 7ff7e5d615b3 18465->18467 18468 7ff7e5d631c0 108 API calls 18466->18468 18554 7ff7e5d61030 18467->18554 18470 7ff7e5d615eb 18468->18470 18473 7ff7e5d6161b 18470->18473 18474 7ff7e5d615f3 18470->18474 18471 7ff7e5d615b8 18472 7ff7e5d615ce 18471->18472 18475 7ff7e5d61df0 81 API calls 18471->18475 18472->17346 18477 7ff7e5d631c0 108 API calls 18473->18477 18476 7ff7e5d61db0 80 API calls 18474->18476 18475->18472 18478 7ff7e5d6160a 18476->18478 18479 7ff7e5d6162f 18477->18479 18478->17346 18480 7ff7e5d61637 18479->18480 18481 7ff7e5d61651 18479->18481 18483 7ff7e5d61df0 81 API calls 18480->18483 18482 7ff7e5d6ed7c 73 API calls 18481->18482 18484 7ff7e5d61666 18482->18484 18485 7ff7e5d61647 18483->18485 18486 7ff7e5d6168b 18484->18486 18487 7ff7e5d6166a 18484->18487 18491 7ff7e5d6e6f4 74 API calls 18485->18491 18489 7ff7e5d616a9 18486->18489 18490 7ff7e5d61691 18486->18490 18488 
7ff7e5d61db0 80 API calls 18487->18488 18497 7ff7e5d61681 __std_exception_copy 18488->18497 18495 7ff7e5d616cb 18489->18495 18499 7ff7e5d616ec 18489->18499 18492 7ff7e5d611d0 89 API calls 18490->18492 18493 7ff7e5d617ad 18491->18493 18492->18497 18493->17346 18494 7ff7e5d6e6f4 74 API calls 18494->18485 18496 7ff7e5d61db0 80 API calls 18495->18496 18496->18497 18497->18494 18498 7ff7e5d6ea44 _fread_nolock 53 API calls 18498->18499 18499->18497 18499->18498 18500 7ff7e5d6f184 76 API calls 18499->18500 18502 7ff7e5d61755 18499->18502 18500->18499 18501 7ff7e5d61db0 80 API calls 18501->18497 18502->18501 18504 7ff7e5d65bcb 18503->18504 18506 7ff7e5d65b84 18503->18506 18504->17346 18506->18504 18593 7ff7e5d74fc0 18506->18593 18508 7ff7e5d62da1 18507->18508 18509 7ff7e5d630e0 49 API calls 18508->18509 18510 7ff7e5d62ddb 18509->18510 18511 7ff7e5d630e0 49 API calls 18510->18511 18512 7ff7e5d62deb 18511->18512 18513 7ff7e5d62e3c 18512->18513 18514 7ff7e5d62e0d 18512->18514 18516 7ff7e5d62d10 51 API calls 18513->18516 18624 7ff7e5d62d10 18514->18624 18517 7ff7e5d62e3a 18516->18517 18518 7ff7e5d62e9c 18517->18518 18519 7ff7e5d62e67 18517->18519 18521 7ff7e5d62d10 51 API calls 18518->18521 18631 7ff7e5d66680 18519->18631 18523 7ff7e5d62ec0 18521->18523 18526 7ff7e5d62d10 51 API calls 18523->18526 18531 7ff7e5d62f12 18523->18531 18524 7ff7e5d62f93 18530 7ff7e5d618d0 114 API calls 18524->18530 18525 7ff7e5d61df0 81 API calls 18527 7ff7e5d62e97 18525->18527 18529 7ff7e5d62ee9 18526->18529 18528 7ff7e5d6ac60 _log10_special 8 API calls 18527->18528 18532 7ff7e5d63035 18528->18532 18529->18531 18536 7ff7e5d62d10 51 API calls 18529->18536 18533 7ff7e5d62f9d 18530->18533 18531->18524 18537 7ff7e5d62f8c 18531->18537 18539 7ff7e5d62f17 18531->18539 18542 7ff7e5d62f7b 18531->18542 18532->17346 18534 7ff7e5d62ffe 18533->18534 18535 7ff7e5d62fa5 18533->18535 18538 7ff7e5d61df0 81 API calls 18534->18538 18657 7ff7e5d617c0 18535->18657 18536->18531 18537->18535 18537->18539 18538->18539 
18543 7ff7e5d61df0 81 API calls 18539->18543 18546 7ff7e5d61df0 81 API calls 18542->18546 18543->18527 18544 7ff7e5d62fbc 18547 7ff7e5d61df0 81 API calls 18544->18547 18545 7ff7e5d62fd2 18548 7ff7e5d615a0 115 API calls 18545->18548 18546->18539 18547->18527 18549 7ff7e5d62fe0 18548->18549 18549->18527 18550 7ff7e5d61df0 81 API calls 18549->18550 18550->18527 18552 7ff7e5d61bd0 49 API calls 18551->18552 18553 7ff7e5d63074 18552->18553 18553->17346 18555 7ff7e5d631c0 108 API calls 18554->18555 18556 7ff7e5d6106b 18555->18556 18557 7ff7e5d61088 18556->18557 18558 7ff7e5d61073 18556->18558 18560 7ff7e5d6ed7c 73 API calls 18557->18560 18559 7ff7e5d61df0 81 API calls 18558->18559 18565 7ff7e5d61083 __std_exception_copy 18559->18565 18561 7ff7e5d6109d 18560->18561 18562 7ff7e5d610bd 18561->18562 18563 7ff7e5d610a1 18561->18563 18566 7ff7e5d610ed 18562->18566 18567 7ff7e5d610cd 18562->18567 18564 7ff7e5d61db0 80 API calls 18563->18564 18573 7ff7e5d610b8 __std_exception_copy 18564->18573 18565->18471 18570 7ff7e5d610f3 18566->18570 18576 7ff7e5d61106 18566->18576 18568 7ff7e5d61db0 80 API calls 18567->18568 18568->18573 18569 7ff7e5d6e6f4 74 API calls 18571 7ff7e5d61174 18569->18571 18572 7ff7e5d611d0 89 API calls 18570->18572 18571->18565 18579 7ff7e5d632f0 18571->18579 18572->18573 18573->18569 18574 7ff7e5d6ea44 _fread_nolock 53 API calls 18574->18576 18576->18573 18576->18574 18577 7ff7e5d611ac 18576->18577 18578 7ff7e5d61db0 80 API calls 18577->18578 18578->18573 18580 7ff7e5d63300 18579->18580 18581 7ff7e5d67aa0 2 API calls 18580->18581 18582 7ff7e5d6332b 18581->18582 18583 7ff7e5d6339e 18582->18583 18584 7ff7e5d67aa0 2 API calls 18582->18584 18585 7ff7e5d6ac60 _log10_special 8 API calls 18583->18585 18586 7ff7e5d63346 18584->18586 18587 7ff7e5d633b9 18585->18587 18586->18583 18588 7ff7e5d6334b CreateSymbolicLinkW 18586->18588 18587->18565 18588->18583 18589 7ff7e5d63375 18588->18589 18589->18583 18590 7ff7e5d6337e GetLastError 18589->18590 18590->18583 18591 

                                                                Control-flow Graph: starts at block 7ff7e5d85f90-7ff7e5d85fcb
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D85FD5
                                                                  • Part of subcall function 00007FF7E5D85928: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8593C
                                                                  • Part of subcall function 00007FF7E5D7A574: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A58A
                                                                  • Part of subcall function 00007FF7E5D7A574: GetLastError.KERNEL32(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A594
                                                                  • Part of subcall function 00007FF7E5D7A954: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7E5D7A933,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7A95D
                                                                  • Part of subcall function 00007FF7E5D7A954: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7E5D7A933,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7A982
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D85FC4
                                                                  • Part of subcall function 00007FF7E5D85988: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8599C
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8623A
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8624B
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8625C
                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E5D8649C), ref: 00007FF7E5D86283
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureInformationLanguagesLastPreferredPresentProcessProcessorRestoreThreadTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 1458651798-239921721
                                                                • Opcode ID: 5d8ca302bc24518753303e1de9637dda799bc5a6da56782543b675025544b69d
                                                                • Instruction ID: 1d8aa4930c3a64a11fdde48458f28e214c433d3ba20f0995045280f60047b630
                                                                • Opcode Fuzzy Hash: 5d8ca302bc24518753303e1de9637dda799bc5a6da56782543b675025544b69d
                                                                • Instruction Fuzzy Hash: 37D1A326E0821A85EB10FF25D4E03B9A661EB54FA4FC44137EA4DCB686DE3CE441C762

                                                                Control-flow Graph: starts at block 7ff7e5d86cf4-7ff7e5d86d67
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                • String ID:
                                                                • API String ID: 1617910340-0
                                                                • Opcode ID: 7e03ef3d0a20c94a2012376284489c35dd0980ac60203fd93d959aa726f203d8
                                                                • Instruction ID: 84bb2e2ef4f60f4c9833d1c1e054364cd258cc40cbf93a89c79e1bf8e0c05d80
                                                                • Opcode Fuzzy Hash: 7e03ef3d0a20c94a2012376284489c35dd0980ac60203fd93d959aa726f203d8
                                                                • Instruction Fuzzy Hash: E4C1C132B28A4985EB10EF64D4E16AC7771E749FA8B814236DB1EDB794DF38E051C311

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                • String ID: %s\*
                                                                • API String ID: 1057558799-766152087
                                                                • Opcode ID: 06e408feea88f4fa5bbf8880914eb6697307b1059d5c84f9f3493ba60dd80eca
                                                                • Instruction ID: 5d9ab014bf62b70268c30551e4e33366abaa8272ccfa74eed2716b7c4c4fa249
                                                                • Opcode Fuzzy Hash: 06e408feea88f4fa5bbf8880914eb6697307b1059d5c84f9f3493ba60dd80eca
                                                                • Instruction Fuzzy Hash: E741A161A0CD5A81EA20EB25E4E43B9A360FB94F94FC10333D65DC6694DF7CD94ACB12

                                                                Control-flow Graph

                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8623A
                                                                  • Part of subcall function 00007FF7E5D85988: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8599C
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8624B
                                                                  • Part of subcall function 00007FF7E5D85928: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8593C
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8625C
                                                                  • Part of subcall function 00007FF7E5D85958: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8596C
                                                                  • Part of subcall function 00007FF7E5D7A574: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A58A
                                                                  • Part of subcall function 00007FF7E5D7A574: GetLastError.KERNEL32(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A594
                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E5D8649C), ref: 00007FF7E5D86283
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorInformationLanguagesLastPreferredRestoreThreadTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 2248164782-239921721
                                                                • Opcode ID: d2e7218d2b32ac445d8d3c687af5ad0aa8287f8229169f051b9e9ef0101c51cb
                                                                • Instruction ID: 8ee27bd43ee17b89b6dceec69bd9670fda615cb6b330dfc06c800c7eeef1add9
                                                                • Opcode Fuzzy Hash: d2e7218d2b32ac445d8d3c687af5ad0aa8287f8229169f051b9e9ef0101c51cb
                                                                • Instruction Fuzzy Hash: CF516F22E1864A86E710FF25E4E02A9A760FB58B94FC44137EA5DCB796DF3CE401C761
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                • Opcode ID: 0d24089257937bf4d8f75b282e589f98d2e605d2659b39465ed8206b1681d219
                                                                • Instruction ID: bd70c973abb893a7a30716a83dd9b85d020a6e973b80047431b01720e5325092
                                                                • Opcode Fuzzy Hash: 0d24089257937bf4d8f75b282e589f98d2e605d2659b39465ed8206b1681d219
                                                                • Instruction Fuzzy Hash: 08F0C872A1C64AC6F760DB64B4E8366B390BB44B74F800337EAAE466D4DF7CD0498B01

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: FileModuleName
                                                                • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-runtime-tmpdir
                                                                • API String ID: 514040917-560148345
                                                                • Opcode ID: 89f297846431eaa45ed7b160866f470024b357e96d8d12602c9828768cf20f43
                                                                • Instruction ID: 80bb78816ac5842a7accb053fd8f9cb1ccb3faa5b08846ffe1cbba63402f27d8
                                                                • Opcode Fuzzy Hash: 89f297846431eaa45ed7b160866f470024b357e96d8d12602c9828768cf20f43
                                                                • Instruction Fuzzy Hash: D5024321A08A8B90EB11FB2594B43B99351AF54F84FC44273DA4DC66D6EFBCE546C332

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                • API String ID: 840049012-3497178890
                                                                • Opcode ID: 35b129b812a0a2966b30bf5c49142a2709d60bba369b49f2dcb000f42a06eae3
                                                                • Instruction ID: 07fa5c2ae3ade51ee55d144f5f55c2b0031b820dca9ee26c0f16a8f322b93139
                                                                • Opcode Fuzzy Hash: 35b129b812a0a2966b30bf5c49142a2709d60bba369b49f2dcb000f42a06eae3
                                                                • Instruction Fuzzy Hash: 7371D931A08A4AC9EB50FB54D4B03B9A360EB45F80F804233D54DCB755DEBCE1468762

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                • API String ID: 2050909247-1550345328
                                                                • Opcode ID: 115fde3aed781621350e5dce5a054658506e0732fc83d747eb2cfbdbf4a04440
                                                                • Instruction ID: 795f0a6463f604fa0c7dfb82880dacfd38cc38344daec2bc1daf192905835ce7
                                                                • Opcode Fuzzy Hash: 115fde3aed781621350e5dce5a054658506e0732fc83d747eb2cfbdbf4a04440
                                                                • Instruction Fuzzy Hash: 08519161B08E4B91EA10FB5598A03B5A360FF44F94FC44233DA0D8B795DFBCE5568362

                                                                Control-flow Graph

                                                                APIs
                                                                • GetTempPathW.KERNEL32(?,00000000,FFFFFFFF,00007FF7E5D62AA6), ref: 00007FF7E5D66FC4
                                                                • GetCurrentProcessId.KERNEL32(?,00000000,FFFFFFFF,00007FF7E5D62AA6), ref: 00007FF7E5D66FCA
                                                                • CreateDirectoryW.KERNELBASE(?,00000000,FFFFFFFF,00007FF7E5D62AA6), ref: 00007FF7E5D6700C
                                                                  • Part of subcall function 00007FF7E5D670F0: GetEnvironmentVariableW.KERNEL32(00007FF7E5D629B0), ref: 00007FF7E5D67127
                                                                  • Part of subcall function 00007FF7E5D670F0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7E5D67149
                                                                  • Part of subcall function 00007FF7E5D78284: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D7829D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                • API String ID: 365913792-1339014028
                                                                • Opcode ID: 1449b93aaa976a4ce71a53240a133fe27ef9bf9782ccbfe34c5de52202063f60
                                                                • Instruction ID: 674f375f4228f0b33538d9e0610d1a0e4d06f864330ffeb9b4c43b43aef62a97
                                                                • Opcode Fuzzy Hash: 1449b93aaa976a4ce71a53240a133fe27ef9bf9782ccbfe34c5de52202063f60
                                                                • Instruction Fuzzy Hash: B6418D11A08A4B81EA51F76599F03B9D351AF44F90FC01233EE0EC7696EE7CE5468762

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                • String ID: CreateProcessW$Failed to create child process!
                                                                • API String ID: 2895956056-699529898
                                                                • Opcode ID: ca2372baf2d8f4dd250c5c8e9e09b2c8f3e265623af2668934e9e1f2c31000e5
                                                                • Instruction ID: 16a7d280481c8bef8cc812e5f39aa63b6f62124d67e72a9c80903c0bf66edffc
                                                                • Opcode Fuzzy Hash: ca2372baf2d8f4dd250c5c8e9e09b2c8f3e265623af2668934e9e1f2c31000e5
                                                                • Instruction Fuzzy Hash: 6A414731A08B8682DA20EB24F4A53AAF360FB84764FD00736E6AD877D5DF7CD0558B51

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                • API String ID: 2050909247-2813020118
                                                                • Opcode ID: 5f8f63999e10081a225424873084ffbe5f1b59f7a0f6780628ccd4fd4ef40fa2
                                                                • Instruction ID: 51a695f167d61901357dd67956f5360947df1af5b271fba7dcd51a59c37b4751
                                                                • Opcode Fuzzy Hash: 5f8f63999e10081a225424873084ffbe5f1b59f7a0f6780628ccd4fd4ef40fa2
                                                                • Instruction Fuzzy Hash: 8551F722A08A4A81E660FB51A4E03BAA291BB44F94FC44337DD4EC7BD5EF7CD406C711

                                                                Control-flow Graph

                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF7E5D7F426,?,?,-00000018,00007FF7E5D7AD6B,?,?,?,00007FF7E5D7AC62,?,?,?,00007FF7E5D7600E), ref: 00007FF7E5D7F208
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF7E5D7F426,?,?,-00000018,00007FF7E5D7AD6B,?,?,?,00007FF7E5D7AC62,?,?,?,00007FF7E5D7600E), ref: 00007FF7E5D7F214
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeLibraryProc
                                                                • String ID: api-ms-$ext-ms-
                                                                • API String ID: 3013587201-537541572
                                                                • Opcode ID: 4d69cc593bfb997158b6c0c0c10d0034b2900934994469889e9651ec028d1562
                                                                • Instruction ID: 843b80cfe0b7aa34f6f4e513cc3c0990333bd605157fcefc6591afd957b2f6d1
                                                                • Opcode Fuzzy Hash: 4d69cc593bfb997158b6c0c0c10d0034b2900934994469889e9651ec028d1562
                                                                • Instruction Fuzzy Hash: EE41D421B19A0A81EA25EB16D8A0775A395BF44FE0FC98137DD0DCB785EE3CE4458722

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: a7237f40ba55fbfcfd7203fc6e89763ccd47b5f3d6f0ac254d51dd75cb3de353
                                                                • Instruction ID: 01258c459f189981fe8f91295d2fcfa7a7af43e00fbb02bff0f1fd171c994737
                                                                • Opcode Fuzzy Hash: a7237f40ba55fbfcfd7203fc6e89763ccd47b5f3d6f0ac254d51dd75cb3de353
                                                                • Instruction Fuzzy Hash: 2DC1D722A0C68A81F760EB15D4E43BDF760EB81F80FD54132DA4E87791EE7DE8458722

                                                                Control-flow Graph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                • String ID:
                                                                • API String ID: 995526605-0
                                                                • Opcode ID: 8f9891b798483f92caab1560084f17c35a3d2f20a9512cd4f17cf036ff63b230
                                                                • Instruction ID: b5da16eb7ef3b17f9dcaf9105e49667af0e68695ae5c75c9281c7f4cd9319265
                                                                • Opcode Fuzzy Hash: 8f9891b798483f92caab1560084f17c35a3d2f20a9512cd4f17cf036ff63b230
                                                                • Instruction Fuzzy Hash: 8A217521A0CA4681EB10EB55E4D0729E3A1EF81BA0F904736D66DC7AE9DFBCD845C711

                                                                Control-flow Graph

                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,00007FF7E5D626F4), ref: 00007FF7E5D625D1
                                                                  • Part of subcall function 00007FF7E5D61ED0: GetLastError.KERNEL32 ref: 00007FF7E5D61EEC
                                                                  • Part of subcall function 00007FF7E5D61ED0: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E5D625EE,?,00007FF7E5D626F4), ref: 00007FF7E5D61F56
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileFormatLastMessageModuleName
                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                • API String ID: 1234058594-2863816727
                                                                • Opcode ID: 65b9fcef5ef1d5fe4a0761813f3a61d529644fdc59a7ebe131a5006a953f7c10
                                                                • Instruction ID: 8ad491b3e1a303de3165155a8f6276a08e7878babfc67b5bc1ffdb7b3ceb333a
                                                                • Opcode Fuzzy Hash: 65b9fcef5ef1d5fe4a0761813f3a61d529644fdc59a7ebe131a5006a953f7c10
                                                                • Instruction Fuzzy Hash: E1219761B1894B81FA20F724E8F43B99251AF58B94FC00337E65DC65E6EEBCD5068722

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00007FF7E5D66DD0: GetCurrentProcess.KERNEL32 ref: 00007FF7E5D66DF0
                                                                  • Part of subcall function 00007FF7E5D66DD0: OpenProcessToken.ADVAPI32 ref: 00007FF7E5D66E03
                                                                  • Part of subcall function 00007FF7E5D66DD0: GetTokenInformation.KERNELBASE ref: 00007FF7E5D66E28
                                                                  • Part of subcall function 00007FF7E5D66DD0: GetLastError.KERNEL32 ref: 00007FF7E5D66E32
                                                                  • Part of subcall function 00007FF7E5D66DD0: GetTokenInformation.KERNELBASE ref: 00007FF7E5D66E72
                                                                  • Part of subcall function 00007FF7E5D66DD0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7E5D66E8E
                                                                  • Part of subcall function 00007FF7E5D66DD0: CloseHandle.KERNEL32 ref: 00007FF7E5D66EA6
                                                                • LocalFree.KERNEL32(00000000,00007FF7E5D62A89), ref: 00007FF7E5D677BC
                                                                • LocalFree.KERNEL32 ref: 00007FF7E5D677C5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                • API String ID: 6828938-1529539262
                                                                • Opcode ID: 556c69a12eea041b70645f2e07fe6d8c8337e702e53c411469b4cd7cd588f294
                                                                • Instruction ID: 93f3314cc534eb442ca093aa97d64c06b040b11971646d347083ee3ecb5d0898
                                                                • Opcode Fuzzy Hash: 556c69a12eea041b70645f2e07fe6d8c8337e702e53c411469b4cd7cd588f294
                                                                • Instruction Fuzzy Hash: 34217361A08A4A81F610FB10E8A03E9E355EF84B80FC44133EA4DC7796DF7CD845C7A2
                                                                APIs
                                                                • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7E5D6240C,?,?,00007FF7E5D62BD3), ref: 00007FF7E5D668C2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CreateDirectory
                                                                • String ID: %.*s$%s%c$\
                                                                • API String ID: 4241100979-1685191245
                                                                • Opcode ID: d2cc5cc4e3729b854815d16a88e1e58836d9ed8a05899cce8d8ad2b010cc0ecc
                                                                • Instruction ID: c244ed97746432f0837931b509743e31d5c1033817432ecaa27ff634e910d530
                                                                • Opcode Fuzzy Hash: d2cc5cc4e3729b854815d16a88e1e58836d9ed8a05899cce8d8ad2b010cc0ecc
                                                                • Instruction Fuzzy Hash: 5531C961A19EC945EA21EB25E4B03E6A354EB44FE0F800332EA5DC77C5DE7CD246C711
                                                                APIs
                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E5D7D05B), ref: 00007FF7E5D7D18C
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E5D7D05B), ref: 00007FF7E5D7D217
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ConsoleErrorLastMode
                                                                • String ID:
                                                                • API String ID: 953036326-0
                                                                • Opcode ID: b8176ab0cd2342035d827acca107fdd4b2b6aaa1559c88639dfb2f89f9c6514b
                                                                • Instruction ID: ca9cea58be3a92489ca4b6aab5eb19df1647c0788b4d4729c5aac56cd6f44cd5
                                                                • Opcode Fuzzy Hash: b8176ab0cd2342035d827acca107fdd4b2b6aaa1559c88639dfb2f89f9c6514b
                                                                • Instruction Fuzzy Hash: 0191B532B0865985F750FF6594E037DABA0FB44F88F94413ADE0E97695DE38E482C322
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_isindst
                                                                • String ID:
                                                                • API String ID: 4170891091-0
                                                                • Opcode ID: 4858f8cd19caa2a963f97c62f7cf419c6ccc0f2ddde666d924458c87d99ac7a2
                                                                • Instruction ID: 52e4d0fc4e3a1b484f7fb02ef641a2cab7aacc78db1fe57eb946b48cf26e75d3
                                                                • Opcode Fuzzy Hash: 4858f8cd19caa2a963f97c62f7cf419c6ccc0f2ddde666d924458c87d99ac7a2
                                                                • Instruction Fuzzy Hash: 01510572F0415A8AEB24EB2498E17BCE7A1AB01B58FD00137DD2ED2AD5DF38A406C711
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                • String ID:
                                                                • API String ID: 2780335769-0
                                                                • Opcode ID: c8443f222f7955abaccbd633dd6c0c22e009ea4c1ae81d7bc85d106a4d3da070
                                                                • Instruction ID: a59e641068627cf8044d5e84e4d0572f518067f47636c008b4aca1b618e6afa4
                                                                • Opcode Fuzzy Hash: c8443f222f7955abaccbd633dd6c0c22e009ea4c1ae81d7bc85d106a4d3da070
                                                                • Instruction Fuzzy Hash: AE518022E08645CAF710EF70D4A03BDA3A1EB48F58F948536DE4D9B689DF38D4818762
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 1279662727-0
                                                                • Opcode ID: dd7eac1057e584b1087a132c8893c35ef1df72ce863294a3bcebda750911c608
                                                                • Instruction ID: b41b8078646817d050b7b0494476512e79bded1f2fdf5a9101a16107430dbffa
                                                                • Opcode Fuzzy Hash: dd7eac1057e584b1087a132c8893c35ef1df72ce863294a3bcebda750911c608
                                                                • Instruction Fuzzy Hash: 4541C932D1874683F750EB20D5A0379A360FB95B94F509336E65C47AD5EF7CA4E08712
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: 2c24119f787965044d627fb85e1f935b4d689670476c95a23688f33a408cf2b4
                                                                • Instruction ID: 8738c7caec70a2ce43ecf0ac8f8c8e9f8d601cc13cc7dfb246650bfd4ff8fdb3
                                                                • Opcode Fuzzy Hash: 2c24119f787965044d627fb85e1f935b4d689670476c95a23688f33a408cf2b4
                                                                • Instruction Fuzzy Hash: 9DD06711B09A0A82EA54FB7158E527893519F48F41F90143AC90E9A7A3DD3DA44D4322
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 6bf03d38dba950430044e224e6de6b096b3435415f1f736879eee21a3c0d5c6e
                                                                • Instruction ID: 36e9fc17dbc5c8a8a14236c195034bd1519fd7f3e2a804523b7263f780c0c2d8
                                                                • Opcode Fuzzy Hash: 6bf03d38dba950430044e224e6de6b096b3435415f1f736879eee21a3c0d5c6e
                                                                • Instruction Fuzzy Hash: 4C511B61A09A4985FA64EA25D4A077BE395FF84FA4F844733DD6C873C5CE7CE4028623
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 1236291503-0
                                                                • Opcode ID: 59deef07c40312847f55d6def9df2cc1f37e1ab7e24cf60098a74783f5463ac3
                                                                • Instruction ID: bb06c77d0b068aae47c222dec58b1ee92c332d2b7d1ebfd99fb31e2d717bf95d
                                                                • Opcode Fuzzy Hash: 59deef07c40312847f55d6def9df2cc1f37e1ab7e24cf60098a74783f5463ac3
                                                                • Instruction Fuzzy Hash: 84310C21A0890A41FA10FB6594F13B99391AF45F84FC40237EA0DCB697DEBDE4068733
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: FileHandleType
                                                                • String ID:
                                                                • API String ID: 3000768030-0
                                                                • Opcode ID: 3071b830118634cb40028611ceeffb06fc3458eceab3432db34a7b9b2b67f05b
                                                                • Instruction ID: 20d7e1fcdb42c568aebb9b76a4652e811f424277b428323c85735526b3a6bfc8
                                                                • Opcode Fuzzy Hash: 3071b830118634cb40028611ceeffb06fc3458eceab3432db34a7b9b2b67f05b
                                                                • Instruction Fuzzy Hash: B8318622A18B4A85DB64DB1495E4278A750FB45FB0BA4133ADB6F973F0CF39E461C312
                                                                APIs
                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF7E5D7A9ED,?,?,00000000,00007FF7E5D7AAA2), ref: 00007FF7E5D7ABDE
                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E5D7A9ED,?,?,00000000,00007FF7E5D7AAA2), ref: 00007FF7E5D7ABE8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ChangeCloseErrorFindLastNotification
                                                                • String ID:
                                                                • API String ID: 1687624791-0
                                                                • Opcode ID: 8421e8a4af99ada878c6549736f5471f2f7f62c165e76de116515189c6a53e17
                                                                • Instruction ID: bb38d8d9627652b323903c953e6964eb6a845ee33388cb88f18b2e7f4fc491c5
                                                                • Opcode Fuzzy Hash: 8421e8a4af99ada878c6549736f5471f2f7f62c165e76de116515189c6a53e17
                                                                • Instruction Fuzzy Hash: 75218021B1864A41EE50F71595E03BD93829F44FA0F884277EA1FC63D6DE7CA4408322
                                                                APIs
                                                                • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF7E5D7C224,?,?,?,00000000,?,00007FF7E5D7C32D), ref: 00007FF7E5D7C284
                                                                • GetLastError.KERNEL32(?,?,?,?,?,00007FF7E5D7C224,?,?,?,00000000,?,00007FF7E5D7C32D), ref: 00007FF7E5D7C28E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastPointer
                                                                • String ID:
                                                                • API String ID: 2976181284-0
                                                                • Opcode ID: 7c3c9af7b0c3ba882c1d4f7bd1684166dd02ec46220af4d411bd6b8cca88beee
                                                                • Instruction ID: ab790ea5212036ddf3ff685b11882b1f518d11cc284b7d035df233ff9b72e31b
                                                                • Opcode Fuzzy Hash: 7c3c9af7b0c3ba882c1d4f7bd1684166dd02ec46220af4d411bd6b8cca88beee
                                                                • Instruction Fuzzy Hash: 12110421708B4585DA10EB65A890269B361AB45FF0F944332EF7E8B7F9CE3CD0548301
                                                                APIs
                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E5D75905), ref: 00007FF7E5D75A23
                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E5D75905), ref: 00007FF7E5D75A39
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Time$System$FileLocalSpecific
                                                                • String ID:
                                                                • API String ID: 1707611234-0
                                                                • Opcode ID: 24756dbb2e9daa31db72e7dcf0b088d8d1bf88fd8db7438d69b0fd56222304ee
                                                                • Instruction ID: 88a2b113beec132d9060e1ae12630e8ecbdceb0f929e1016bbaa4f34e4db20fb
                                                                • Opcode Fuzzy Hash: 24756dbb2e9daa31db72e7dcf0b088d8d1bf88fd8db7438d69b0fd56222304ee
                                                                • Instruction Fuzzy Hash: 0B11C43160CA47C2EA50EB50A4A123BF3A0FB80B64F900237E69DC59E4EF7CE014CB11
                                                                APIs
                                                                • RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A58A
                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A594
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                • String ID:
                                                                • API String ID: 588628887-0
                                                                • Opcode ID: 092f6e47d3cc2889ea351a036a35bb30039a98c0d818eb03a693ca50e7a47cf5
                                                                • Instruction ID: 55c12baa7988cbe376c8cc0ed5b8ea5e8a084ecf60dc306298a29ecf506dc68f
                                                                • Opcode Fuzzy Hash: 092f6e47d3cc2889ea351a036a35bb30039a98c0d818eb03a693ca50e7a47cf5
                                                                • Instruction Fuzzy Hash: 22E0BF51F0950A86FA14FBB194E5275A7515F44F50FC44436DA0DCB2A6EE3C64458332
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: c44693da0f6aa4155cda53195200957f732adcd81b2643866b30557884f1ba75
                                                                • Instruction ID: e649007bf089f39f780ecdc6575de7680b3a64027ecc315f4919987ca4c2fc40
                                                                • Opcode Fuzzy Hash: c44693da0f6aa4155cda53195200957f732adcd81b2643866b30557884f1ba75
                                                                • Instruction Fuzzy Hash: 7F41A23290820947EA34EB19E5A0379F7A0EB55F84F900132E79EC7691DF7DE4428B62
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID:
                                                                • API String ID: 840049012-0
                                                                • Opcode ID: 3d293fc62481c92273e3278902cb633a71502ffff1dd2a0829246746ba51dedf
                                                                • Instruction ID: b44e74e4cdd5e6167fef009561d08621196f67ab34df33db47234438e10d1f6c
                                                                • Opcode Fuzzy Hash: 3d293fc62481c92273e3278902cb633a71502ffff1dd2a0829246746ba51dedf
                                                                • Instruction Fuzzy Hash: D321F515B08A9545FA10FB1264A03B6D655BF45FD4FCC5132DD0CCB786CEBCE002C211
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: cf7c005c1e31e7ea229f5223e293a291a449fd9923c8bf07186dd3c48721cc09
                                                                • Instruction ID: 060e359b53ea74a89029151b7caba7d62548b4faa1025cee738e813131d9a72e
                                                                • Opcode Fuzzy Hash: cf7c005c1e31e7ea229f5223e293a291a449fd9923c8bf07186dd3c48721cc09
                                                                • Instruction Fuzzy Hash: 4B314B31A18A1A85F651FB15C8E137DA7A0AB84F95FC10137E95D833D2EEBCE4418732
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                • String ID:
                                                                • API String ID: 3947729631-0
                                                                • Opcode ID: 7cdee7fffdefcbc5027b0452851aa9c5becd2890f0ec4c7d98fb6386710e4df3
                                                                • Instruction ID: 53dd3645560323c07f38c5bbd90eef94d996653e450535415b903c7754004667
                                                                • Opcode Fuzzy Hash: 7cdee7fffdefcbc5027b0452851aa9c5becd2890f0ec4c7d98fb6386710e4df3
                                                                • Instruction Fuzzy Hash: F521BC32E16A4A8AEB20EF64D0903FC33A0EB44B18F840636D71C86BC5DF38E544C761
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 0c710f33dd0e263908a6af9c5a326f17bec47833feda8bc3952fb7c3f2c9ef99
                                                                • Instruction ID: acab20d629447e40b6fc36418a9e07e146ab3954db447a62e2800b8356d25f80
                                                                • Opcode Fuzzy Hash: 0c710f33dd0e263908a6af9c5a326f17bec47833feda8bc3952fb7c3f2c9ef99
                                                                • Instruction Fuzzy Hash: 26113B22A0864A82EA61FF51D4A037DE764AF85F84FD44436EB4CD7A96DF7CD4408723
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 371a19b6cbb4e76029cb4c6dd0e3fb09161d29462ff652c7a237cc4efd58c973
                                                                • Instruction ID: 5a16e5f50a988be2b83ceaa9f51f6c4cb6b1a99df5a56666b334ceedf7dc96f1
                                                                • Opcode Fuzzy Hash: 371a19b6cbb4e76029cb4c6dd0e3fb09161d29462ff652c7a237cc4efd58c973
                                                                • Instruction Fuzzy Hash: 99219532618A8586EB61EF28E490379B7A0EB94F64F944236E65DCB6D9DF3CD400CB11
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 94cde1b0722b00ce3a89043d06a8f6ad091ac7731aa2d118b4c7a57a40d7012b
                                                                • Instruction ID: c437a6fe87a684590ccf9062512332648797e325ce58314c12a44863ab715e2a
                                                                • Opcode Fuzzy Hash: 94cde1b0722b00ce3a89043d06a8f6ad091ac7731aa2d118b4c7a57a40d7012b
                                                                • Instruction Fuzzy Hash: 4001E525A08B4941E900EB52985026AE7A5FF85FE0F884332EE6C97BD6DE7CD0028712
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7E5D7B33A,?,?,?,00007FF7E5D7B5A1,?,?,?,?,00007FF7E5D7A4A2), ref: 00007FF7E5D7F069
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: 13c3c22db1661b05f673f30e797758779fd860c56a628e09e4eda6517155e894
                                                                • Instruction ID: 737d5c1b3346563be2c80bbc755e1083836b9c882698a49199e5b85e1f97f991
                                                                • Opcode Fuzzy Hash: 13c3c22db1661b05f673f30e797758779fd860c56a628e09e4eda6517155e894
                                                                • Instruction Fuzzy Hash: D3F0F954B0960F81FE64F7A199A13B597955F99F90F888436890ECA3D2EE3CE5C18232
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,?,?,00007FF7E5D7D83D,?,?,?,00007FF7E5D7130F), ref: 00007FF7E5D7D912
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: ed43cc8fef10e4de0f6b38702312381f943abf623902b3a88b5f27f9598a1dfd
                                                                • Instruction ID: f33393a323d1d32bed2dea43ef79e6a35a63c48db595b0586744881d5e4690c1
                                                                • Opcode Fuzzy Hash: ed43cc8fef10e4de0f6b38702312381f943abf623902b3a88b5f27f9598a1dfd
                                                                • Instruction Fuzzy Hash: 7DF0D411A0D20E81FE54BBA158A137593845F48FA0FC84632DA2FCA2D2EF3CA4808232
                                                                APIs
                                                                • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7E5D6B540
                                                                  • Part of subcall function 00007FF7E5D6BF68: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF7E5D6BF70
                                                                  • Part of subcall function 00007FF7E5D6BF68: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF7E5D6BF75
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                • String ID:
                                                                • API String ID: 1208906642-0
                                                                • Opcode ID: 42f905f2e02464d1f18fe0bfc90ee21d32569e03344996040c3241f949aa798e
                                                                • Instruction ID: 4a1ba82924cbf903f4ed39b5ecf66fb5eb69ddb59fdb2b815cc36457744e5213
                                                                • Opcode Fuzzy Hash: 42f905f2e02464d1f18fe0bfc90ee21d32569e03344996040c3241f949aa798e
                                                                • Instruction Fuzzy Hash: E8E07E70D09A4B85FE64B66115F23F982401F21B04EC412BBE84DC61A3ADAEA4471633
                                                                APIs
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D64310
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D64351
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D64376
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D6439B
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D643C3
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D643EB
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D64413
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D6443B
                                                                • GetProcAddress.KERNEL32(?,00007FF7E5D64ED7,?,00007FF7E5D6224E), ref: 00007FF7E5D64463
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: AddressProc
                                                                • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                • API String ID: 190572456-2007157414
                                                                • Opcode ID: 6c7de37b86274fb3d1d716974229e230ccf8eb543657595b6ff3dc3a011d8de1
                                                                • Instruction ID: cac3ca8c92ed0bdc7954ea6bc9d26d08836625cdb988641f1c4de4fed5f15098
                                                                • Opcode Fuzzy Hash: 6c7de37b86274fb3d1d716974229e230ccf8eb543657595b6ff3dc3a011d8de1
                                                                • Instruction Fuzzy Hash: AB129764A49F4BD0EA56FB04B8F07B5A3A0AF05F55BD41137C50DDA3A0EF7CB5498222
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 808467561-2761157908
                                                                • Opcode ID: 6a73d64f3957e79f4831cfdc60d77cefc3706dcd898f99a703ecbe0e680df747
                                                                • Instruction ID: ab5b5e0187de61741674d93dd6dd12fe52f0e7b628ddd48816e595b550406628
                                                                • Opcode Fuzzy Hash: 6a73d64f3957e79f4831cfdc60d77cefc3706dcd898f99a703ecbe0e680df747
                                                                • Instruction Fuzzy Hash: 9EB2E972E1828A8BE765DF64D4907FDB7A1FB44B48FC05136DA0D9BA84DB38A900CB51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                • API String ID: 0-2665694366
                                                                • Opcode ID: 19919c9233c94dbecffabbbafd0da1bd8fe3cdfb3e337fb472f57dc76b8b5787
                                                                • Instruction ID: f70f20d7fdb2aad743a6fc800f85d54a9d461dd6f80d8aa93050794b5c7b08e2
                                                                • Opcode Fuzzy Hash: 19919c9233c94dbecffabbbafd0da1bd8fe3cdfb3e337fb472f57dc76b8b5787
                                                                • Instruction Fuzzy Hash: 6A523872A14AAA8BD754DF14C4A8B7D77E9FB44740F81423AE64AC3780DB7CD845CB12
                                                                APIs
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 3140674995-0
                                                                • Opcode ID: 9b54a456cca8644e9267c01a8084384299a419a9074f18b847f9bd6aac1e9b99
                                                                • Instruction ID: 81bfd3e2ecce6f4272321eebf4f08c47330cb9357aa57b033ee5bf6c0eaa973a
                                                                • Opcode Fuzzy Hash: 9b54a456cca8644e9267c01a8084384299a419a9074f18b847f9bd6aac1e9b99
                                                                • Instruction Fuzzy Hash: FB313D72609B8586EB60DF61E8903EDB364FB84B44F84403ADB4D8BB94DF78D549C721
                                                                APIs
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 1239891234-0
                                                                • Opcode ID: 61c5fe9d8ddf1a91b68eaaf79b4512adc479ec4e583f3c08dd1815cc8eca3973
                                                                • Instruction ID: 28d5d4f5b4bfc5ab0a85906a26aa8915ddd949afccecdfe8ce823db7b39f9dc9
                                                                • Opcode Fuzzy Hash: 61c5fe9d8ddf1a91b68eaaf79b4512adc479ec4e583f3c08dd1815cc8eca3973
                                                                • Instruction Fuzzy Hash: 11315136608B8585EB60DF25E8903ADB3A4FB88B54F940136EA8D87B54DF3CD545CB11
                                                                APIs
                                                                Similarity
                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 2227656907-0
                                                                • Opcode ID: 68d9696b78b2b04cbfbbadcaa10e7e272669cffb8f398423c6303c310c021837
                                                                • Instruction ID: 4a4edd60dd98b3a5424e670e07868fb30af66ce0f83bc3b3dcac8c222daf663b
                                                                • Opcode Fuzzy Hash: 68d9696b78b2b04cbfbbadcaa10e7e272669cffb8f398423c6303c310c021837
                                                                • Instruction Fuzzy Hash: 1AB1C422B186DA41EA61EB61D4A03B9E3A1EB44FD4F845233EA4D8BB85DF3CE445C711
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorFormatLastMessage
                                                                • String ID: %ls: %ls$<FormatMessageW failed.>
                                                                • API String ID: 3479602957-1483686772
                                                                • Opcode ID: dfb41b6bca575f417ea75a48261e7533a71cf37c967872dfe92092f08ec333e5
                                                                • Instruction ID: 93ae955de7e5d7456f6d38dac7ffa35f71c701bc495c319cf175241e540c20a9
                                                                • Opcode Fuzzy Hash: dfb41b6bca575f417ea75a48261e7533a71cf37c967872dfe92092f08ec333e5
                                                                • Instruction Fuzzy Hash: A711E372B08B8581F710EB11B890BA6A750BB88BC5F840136EF8D8BB69DF7CD5458752
                                                                APIs
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                • Opcode ID: 8a4a7c5325b633a925f5c4d5ed43519da64e7124304d0c27a96c3dbccc833fe3
                                                                • Instruction ID: 2571add4a5eaaf08e05ca1e137b0927d87ccf336eb2b72d3fc8fbb70bfb9cd16
                                                                • Opcode Fuzzy Hash: 8a4a7c5325b633a925f5c4d5ed43519da64e7124304d0c27a96c3dbccc833fe3
                                                                • Instruction Fuzzy Hash: 1D113322B15F0689FB00DF64E8943B873A4FB19B58F440E36DA5D867A4DF7CD1948351
                                                                APIs
                                                                Similarity
                                                                • API ID: memcpy_s
                                                                • String ID:
                                                                • API String ID: 1502251526-0
                                                                • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                • Instruction ID: 422629a0a66608faecb1b8feaf85eafdccd09b53e0dff62441c058bb79f88bf9
                                                                • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                • Instruction Fuzzy Hash: 2EC12672B1928A87E725DF59A09476EF791F794B88F809136DB4A8B744DB3CF800CB00
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $header crc mismatch$unknown header flags set
                                                                • API String ID: 0-1127688429
                                                                • Opcode ID: ec936d166140e8da51e643a4531226a3b40fe54f705dd7d388a52184c5939a5f
                                                                • Instruction ID: 82d6b06001c1e386de0602ccc92deb2ecbc8bc6f2957390db9bbb771342accda
                                                                • Opcode Fuzzy Hash: ec936d166140e8da51e643a4531226a3b40fe54f705dd7d388a52184c5939a5f
                                                                • Instruction Fuzzy Hash: C0F1E872A047C94BE791DB14C0E8B3EBAE9FF44B40F854636EA4987391CBB8D452C752
                                                                APIs
                                                                Similarity
                                                                • API ID: ExceptionRaise_clrfp
                                                                • String ID:
                                                                • API String ID: 15204871-0
                                                                • Opcode ID: 592aaa1d1e24c0ca7062a383ac7c08c3456e3625a81473f514852d4ab39e7f2b
                                                                • Instruction ID: 6582253ef62a9bdda49db1e0966aee319ee67d23e53d500b656b766a47e659fd
                                                                • Opcode Fuzzy Hash: 592aaa1d1e24c0ca7062a383ac7c08c3456e3625a81473f514852d4ab39e7f2b
                                                                • Instruction Fuzzy Hash: E9B17D73600B888BEB15DF29C8963687BE0F744F88F588932DA9D8B7A4CB39D451C711
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $
                                                                • API String ID: 0-227171996
                                                                • Opcode ID: 4206eb6757f2f30fe17398c19963b784f783257c512c01761c64f214e9c1497b
                                                                • Instruction ID: 390ac77330a2e9cd98f5bf79c1794a9bd95638ef8c56d651bfe9572a32cd0e71
                                                                • Opcode Fuzzy Hash: 4206eb6757f2f30fe17398c19963b784f783257c512c01761c64f214e9c1497b
                                                                • Instruction Fuzzy Hash: 03E1CB72A0864A82EB68EE2580E033DB360FF45F48F945237DA4E87794DF39D861C752
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: incorrect header check$invalid window size
                                                                • API String ID: 0-900081337
                                                                • Opcode ID: 2ace5609b525119006861535f088e36343376fe54f431f018f35809291a9f140
                                                                • Instruction ID: b968d87ae76f26de95529326de8a453ece7b766ad9aec8ccac924a7e6153822e
                                                                • Opcode Fuzzy Hash: 2ace5609b525119006861535f088e36343376fe54f431f018f35809291a9f140
                                                                • Instruction Fuzzy Hash: 8C91FC72A086CA87E7A4DF14C4E8B7E7BE9FB44750F41423ADA4A867C4CB78D541CB12
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: e+000$gfff
                                                                • API String ID: 0-3030954782
                                                                • Opcode ID: 1a606224f95ff019e49c69da0b246c648176fccdedc8a9ba9f88329446dd12d1
                                                                • Instruction ID: a14242114da64e8656a5832a3147df1f6542293693dcbde3644163e34145f792
                                                                • Opcode Fuzzy Hash: 1a606224f95ff019e49c69da0b246c648176fccdedc8a9ba9f88329446dd12d1
                                                                • Instruction Fuzzy Hash: 3C515B22B186D986E724DA3598A176DBB95E744F94F888233CB9C8BAC1CF3DD4448712
                                                                Similarity
                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                • String ID:
                                                                • API String ID: 1010374628-0
                                                                • Opcode ID: d0fb9989b67aa541942f54bb816287c7d54de0d91e0301e43054967d9c7987fc
                                                                • Instruction ID: 4a1959cfb7f93158633cd4bfd7c237aea4ec3a3e8529eae157ee38cb12725326
                                                                • Opcode Fuzzy Hash: d0fb9989b67aa541942f54bb816287c7d54de0d91e0301e43054967d9c7987fc
                                                                • Instruction Fuzzy Hash: 6E028022A0D68E80FE51FB5198A1379A690AF41FA0FC44637ED5DCE7D2DE3CE4058322
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: gfffffff
                                                                • API String ID: 0-1523873471
                                                                Strings
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: TMP
                                                                • API String ID: 3215553584-3125297090
                                                                APIs
                                                                Similarity
                                                                • API ID: HeapProcess
                                                                • String ID:
                                                                • API String ID: 54951025-0
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                • Instruction ID: 003c1d2d805c86edcf61db0a84bd0b6318dc426ce282199c93145c742740e6d1
                                                                • Opcode Fuzzy Hash: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                • Instruction Fuzzy Hash: 1F51DB32A18E5B81E724DB28C0A0338B7A0EB45F58F645132DE4C87799DF7AE843C751
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                • Instruction ID: 12bf447254bdfe09f3cae5a22b842509974877c1622b21ed5894adaf0b46defd
                                                                • Opcode Fuzzy Hash: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                • Instruction Fuzzy Hash: 91519537A1865D86E764DB29C0A4339A7A0EB48F5CFA44132CE4C977D5CB3AF842CB51
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                • Instruction ID: 9e8348ac103e60c69d7d924644db7c93cfa1f1243a9061f5f0dad298b37441ee
                                                                • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                • Instruction Fuzzy Hash: 4B41EA62C09B8E4BE9A5D91805707B8D7809F23FA1DD852B3DDA9D73C7CE2C75468223
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                • String ID:
                                                                • API String ID: 588628887-0
                                                                Similarity
                                                                • API ID: AddressProc
                                                                • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                • API String ID: 190572456-3427451314
                                                                APIs
                                                                  • Part of subcall function 00007FF7E5D67AA0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E5D631F4,00000000,00007FF7E5D61905), ref: 00007FF7E5D67AD9
                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7E5D66F77,?,00000000,FFFFFFFF,00007FF7E5D62AA6), ref: 00007FF7E5D66AAC
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                • API String ID: 2001182103-930877121
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: -$:$f$p$p
                                                                • API String ID: 3215553584-2013873522
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: f$f$p$p$f
                                                                • API String ID: 3215553584-1325933183
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2050909247-3659356012
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2050909247-3659356012
                                                                • Opcode ID: c09fcfe999fef20416984afe8f6c252e160c56447ffe0a007e47058900a911af
                                                                • Instruction ID: 7f618cc36fcf15e4feaecf71b6cbd78a1b9a007a339bda92ffc41a6e37164398
                                                                • Opcode Fuzzy Hash: c09fcfe999fef20416984afe8f6c252e160c56447ffe0a007e47058900a911af
                                                                • Instruction Fuzzy Hash: F041A621B0895A81EE20FB55A8A07B6E360EF04FD0FC44133DE4D8BB55EEBCE4468712
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                • String ID: csm$csm$csm
                                                                • API String ID: 849930591-393685449
                                                                • Opcode ID: 0bc14b43f82724757755035e8bb788fa738e65321b17f9437cbf630de17fc83d
                                                                • Instruction ID: 3b5aab9bba14ed9ce6e872aca22b9f923be6359148463b346ba52f0a93074983
                                                                • Opcode Fuzzy Hash: 0bc14b43f82724757755035e8bb788fa738e65321b17f9437cbf630de17fc83d
                                                                • Instruction Fuzzy Hash: 51D19632908B4586E720FB65E4903ADB7A0FB45B88F900236DE4DD7B55DF78E542C712
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF7E5D6C65A,?,?,?,00007FF7E5D6C34C,?,?,?,00007FF7E5D6BF49), ref: 00007FF7E5D6C42D
                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E5D6C65A,?,?,?,00007FF7E5D6C34C,?,?,?,00007FF7E5D6BF49), ref: 00007FF7E5D6C43B
                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF7E5D6C65A,?,?,?,00007FF7E5D6C34C,?,?,?,00007FF7E5D6BF49), ref: 00007FF7E5D6C465
                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF7E5D6C65A,?,?,?,00007FF7E5D6C34C,?,?,?,00007FF7E5D6BF49), ref: 00007FF7E5D6C4D3
                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF7E5D6C65A,?,?,?,00007FF7E5D6C34C,?,?,?,00007FF7E5D6BF49), ref: 00007FF7E5D6C4DF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                • String ID: api-ms-
                                                                • API String ID: 2559590344-2084034818
                                                                • Opcode ID: 496a7ecf6f59d04b00b07dbc004f637d20d4b4784e39964ab918570cd1e35837
                                                                • Instruction ID: d80721504a7c4b8f74b8db038ba7d19002f41c11576b2bae9d77836356fe1765
                                                                • Opcode Fuzzy Hash: 496a7ecf6f59d04b00b07dbc004f637d20d4b4784e39964ab918570cd1e35837
                                                                • Instruction Fuzzy Hash: 7C31A72170AE09C1EE11FB06A8A0775A394BF14FA4FD94636DE1D8B761EE7CF4458321
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: 917d90d80928c6fc8378362abee88ed752e53442152e884b24a4914503779b53
                                                                • Instruction ID: 2f8fd16bd93fff0decb9cbe525f563bd1985a683b1cd8779cddfd69cb5339d8d
                                                                • Opcode Fuzzy Hash: 917d90d80928c6fc8378362abee88ed752e53442152e884b24a4914503779b53
                                                                • Instruction Fuzzy Hash: A8213C20E0E24B41FA69F72596F1379D3529F44FA0F94463AE93EC66D6EE3CA4014722
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                • String ID: CONOUT$
                                                                • API String ID: 3230265001-3130406586
                                                                • Opcode ID: 75dcc73177df9c890c20c0009d1351a96d786b6ac8a09940c58dca2f02eba5de
                                                                • Instruction ID: cc6a38648772b5b10d99bb417cd907816a698e480a3c2aaeda12672573a0972b
                                                                • Opcode Fuzzy Hash: 75dcc73177df9c890c20c0009d1351a96d786b6ac8a09940c58dca2f02eba5de
                                                                • Instruction Fuzzy Hash: 8B118421618A4686E750DB46E8E4329A3A0FB88FE4F804236DA1DCB7A4CF7CE4548751
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF7E5D62C4F), ref: 00007FF7E5D674FD
                                                                • K32EnumProcessModules.KERNEL32(?,00007FF7E5D62C4F), ref: 00007FF7E5D6755A
                                                                  • Part of subcall function 00007FF7E5D67AA0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E5D631F4,00000000,00007FF7E5D61905), ref: 00007FF7E5D67AD9
                                                                • K32GetModuleFileNameExW.KERNEL32(?,00007FF7E5D62C4F), ref: 00007FF7E5D675E5
                                                                • K32GetModuleFileNameExW.KERNEL32(?,00007FF7E5D62C4F), ref: 00007FF7E5D67644
                                                                • FreeLibrary.KERNEL32(?,00007FF7E5D62C4F), ref: 00007FF7E5D67655
                                                                • FreeLibrary.KERNEL32(?,00007FF7E5D62C4F), ref: 00007FF7E5D6766A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                • String ID:
                                                                • API String ID: 3462794448-0
                                                                • Opcode ID: 03b7074d898f978953d4d1084a470d0e05b12668f520811b20350f06d8902ea3
                                                                • Instruction ID: 9c631ef6ec399cc454d57ad1f4ed34365c818e0083dd5f6aa70fb399c2686eae
                                                                • Opcode Fuzzy Hash: 03b7074d898f978953d4d1084a470d0e05b12668f520811b20350f06d8902ea3
                                                                • Instruction Fuzzy Hash: 2C41EA71A19A8E81EA70EB55A5A03BAB390FB44FD0F844232DF4E97785DE7CD101C711
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E5D7B5A1,?,?,?,?,00007FF7E5D7A4A2,?,?,?,?,00007FF7E5D771DB), ref: 00007FF7E5D7B2E7
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E5D7B5A1,?,?,?,?,00007FF7E5D7A4A2,?,?,?,?,00007FF7E5D771DB), ref: 00007FF7E5D7B31D
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E5D7B5A1,?,?,?,?,00007FF7E5D7A4A2,?,?,?,?,00007FF7E5D771DB), ref: 00007FF7E5D7B34A
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E5D7B5A1,?,?,?,?,00007FF7E5D7A4A2,?,?,?,?,00007FF7E5D771DB), ref: 00007FF7E5D7B35B
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E5D7B5A1,?,?,?,?,00007FF7E5D7A4A2,?,?,?,?,00007FF7E5D771DB), ref: 00007FF7E5D7B36C
                                                                • SetLastError.KERNEL32(?,?,?,00007FF7E5D7B5A1,?,?,?,?,00007FF7E5D7A4A2,?,?,?,?,00007FF7E5D771DB), ref: 00007FF7E5D7B387
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Value$ErrorLast
                                                                • String ID:
                                                                • API String ID: 2506987500-0
                                                                • Opcode ID: 8aacf979bcb0e66df657e62488df5adcc3b9183591c645a3a116bd618948e068
                                                                • Instruction ID: 15c996b8d20f85cae69c9cef6ad17cdafdf434e1f5c716df17844014914d2728
                                                                • Opcode Fuzzy Hash: 8aacf979bcb0e66df657e62488df5adcc3b9183591c645a3a116bd618948e068
                                                                • Instruction Fuzzy Hash: 88112920A0D64B42FA64F72596F137D93529F44FA0FD4073BE92EC66D6EE3CA4414722
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                • Opcode ID: 74180e4fa832d38856561e4d839db25a4cf7d44bb16d70be9d308bd11a404090
                                                                • Instruction ID: 75dd2ff171dbbfadc439dd662783bf894b692d10c92126f7407e39a25d8616e1
                                                                • Opcode Fuzzy Hash: 74180e4fa832d38856561e4d839db25a4cf7d44bb16d70be9d308bd11a404090
                                                                • Instruction Fuzzy Hash: E8F04461A1860A81EA10EB24E4E5335A320EF48BA5F940236C66D891F4CF3CD4498721
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _set_statfp
                                                                • String ID:
                                                                • API String ID: 1156100317-0
                                                                • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                • Instruction ID: 3a85bc7ca50dc343b0848c358f6251bc43df0cfdcc7452c4ce1eb19307b01e8d
                                                                • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                • Instruction Fuzzy Hash: A1119022E18E0F01F655BB65ECF537581406F95BA0E980636FAFE9E2D68E3C68414126
                                                                APIs
                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF7E5D7A5F7,?,?,00000000,00007FF7E5D7A892,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7B3BF
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E5D7A5F7,?,?,00000000,00007FF7E5D7A892,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7B3DE
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E5D7A5F7,?,?,00000000,00007FF7E5D7A892,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7B406
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E5D7A5F7,?,?,00000000,00007FF7E5D7A892,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7B417
                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7E5D7A5F7,?,?,00000000,00007FF7E5D7A892,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7B428
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                • Opcode ID: a56cb41f156c15a4d6e2276d4d9009eb056191f4cbd7c4a906779812fc23d362
                                                                • Instruction ID: 62769482df93bba1e14db35402f5046dffc394b9c55ae95c45aebe3d76b44909
                                                                • Opcode Fuzzy Hash: a56cb41f156c15a4d6e2276d4d9009eb056191f4cbd7c4a906779812fc23d362
                                                                • Instruction Fuzzy Hash: FE115C20E0D24B41FA68F72595F1379A3529F44BA4FD4433AE83D966D6EE3CE4428722
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Value
                                                                • String ID:
                                                                • API String ID: 3702945584-0
                                                                • Opcode ID: c970022877af4cacafbb269055ba7698425e7e9d221925838a0931e6a0572288
                                                                • Instruction ID: 6f16e6cb790f791bd758c645656146f94054efa10031420b0d4c4403b2cc60c2
                                                                • Opcode Fuzzy Hash: c970022877af4cacafbb269055ba7698425e7e9d221925838a0931e6a0572288
                                                                • Instruction Fuzzy Hash: D911C510E0E24F41F969F26594F13BE93424F45B60FD4073BE93E9A2D2ED7DB4414662
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.2174982693.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000000.00000002.2174963713.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175012260.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175035046.00007FF7E5DA5000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.2175070960.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: verbose
                                                                • API String ID: 3215553584-579935070
                                                                • Opcode ID: d610ef641c588f277c108bde4856d5b42c6a1526a9b3408ef7dc71a8c1851c95
                                                                • Instruction ID: ce9ce192ebaf85732940deec49351e24258119aa709fbfaab64868db896e605d
                                                                • Opcode Fuzzy Hash: d610ef641c588f277c108bde4856d5b42c6a1526a9b3408ef7dc71a8c1851c95
                                                                • Instruction Fuzzy Hash: 3491B122A09A4A85FB61EE25D4A03BDB7A1AB44F94FC44137DA59C63C5EF3CE445C322
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                • API String ID: 3215553584-1196891531
                                                                • Opcode ID: 2a6abe9d3ebc046f6c8623f50389ac56c58ca4fd7f9c577c93c606ec2c1639a6
                                                                • Instruction ID: 727e26ff1a6651432cd99d06455e1319f79e7c1f92100c4d6037755feb5e7f13
                                                                • Opcode Fuzzy Hash: 2a6abe9d3ebc046f6c8623f50389ac56c58ca4fd7f9c577c93c606ec2c1639a6
                                                                • Instruction Fuzzy Hash: 7181A033E0924E85F775EE29C1A0378E6A0AB11F58FD59037DA09DB295DB3CB9419323
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 2395640692-1018135373
                                                                • Opcode ID: 627e2886ea4909029de1e6aee41716b715171f1193883d49ddb7c83e540dd8b9
                                                                • Instruction ID: 0d8e33d2579dcc4f851c1268d427bf28f2abdae4b41b7afda52366536d46a80d
                                                                • Opcode Fuzzy Hash: 627e2886ea4909029de1e6aee41716b715171f1193883d49ddb7c83e540dd8b9
                                                                • Instruction Fuzzy Hash: 8851D631B19A0A8AEB14EF15D4A4738B391EB44F88F844232DB4D87759DFBDE842C751
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CallEncodePointerTranslator
                                                                • String ID: MOC$RCC
                                                                • API String ID: 3544855599-2084237596
                                                                • Opcode ID: cc3e5af3579310c0f15044b16b4c065b5d98d02129ef80afc6ac9937df3d6924
                                                                • Instruction ID: ad7be3ae7e8bad3bc951d134824b596a22c84e58afbca982dc4c9e1e4cf588d0
                                                                • Opcode Fuzzy Hash: cc3e5af3579310c0f15044b16b4c065b5d98d02129ef80afc6ac9937df3d6924
                                                                • Instruction Fuzzy Hash: 9F618172908BC985D720EF15E4903AAB7A0FB98B84F444236EB9D47B55CFBCD191CB12
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                • String ID: csm$csm
                                                                • API String ID: 3896166516-3733052814
                                                                • Opcode ID: c0a76f74c02f5f9c08219b48ec89f4fd38640c03acd471a6f2cd3cbd44defde3
                                                                • Instruction ID: f8e6a7f5096d9e6e0976d53cb25bfe537a806a8a92ba6692a41362701ed119de
                                                                • Opcode Fuzzy Hash: c0a76f74c02f5f9c08219b48ec89f4fd38640c03acd471a6f2cd3cbd44defde3
                                                                • Instruction Fuzzy Hash: DD51D532508B4A8ADB30FF15A4A0368B7A0EB54F85F984237DA4C87799CF7CE452C712
                                                                APIs
                                                                Similarity
                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                • String ID:
                                                                • API String ID: 2718003287-0
                                                                • Opcode ID: abc0b2a711b36b4ca2ebf077ba9d6b71990bb933ff0a79b92d2fce847f8ec71f
                                                                • Instruction ID: 4fbcb17f3b971647756d481c885d259806682d03f54548c886f28cdb680d5d17
                                                                • Opcode Fuzzy Hash: abc0b2a711b36b4ca2ebf077ba9d6b71990bb933ff0a79b92d2fce847f8ec71f
                                                                • Instruction Fuzzy Hash: 8FD1F472B18B898EE710DF69D4902AC77B1FB44B98B844236DF4D97BA9DE38D006C311
                                                                APIs
                                                                Similarity
                                                                • API ID: Window$Process$ConsoleCurrentShowThread
                                                                • String ID:
                                                                • API String ID: 242035731-0
                                                                • Opcode ID: 3208cc31caa42c1873c1a6d21fea691fbaaade434fa387f7c55649933cf3fd9f
                                                                • Instruction ID: cba0dabaa032b104d3b81c30dc37d3e3e95c9411324b84794d0ec89d53077ebc
                                                                • Opcode Fuzzy Hash: 3208cc31caa42c1873c1a6d21fea691fbaaade434fa387f7c55649933cf3fd9f
                                                                • Instruction Fuzzy Hash: C0F03E21A19B4AC1EB54E76674D42359291FF44FD0B481031D55F8B754DE3CE4458722
                                                                APIs
                                                                Similarity
                                                                • API ID: Window$Process$ConsoleCurrentShowThread
                                                                • String ID:
                                                                • API String ID: 242035731-0
                                                                • Opcode ID: 57d29c8d12d7fdef30ff7322895d09215f545c1cd19415f77748bb3fa77fc87e
                                                                • Instruction ID: 17acbbe63c775f3a30336fb51f66c658a90053156a0adf77fcc01720489df39c
                                                                • Opcode Fuzzy Hash: 57d29c8d12d7fdef30ff7322895d09215f545c1cd19415f77748bb3fa77fc87e
                                                                • Instruction Fuzzy Hash: 5CF08221A18A4AC2EA50AB25A890238A750EF94F94F441031DA0B8F654DE3CF442C722
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                • String ID: ?
                                                                • API String ID: 1286766494-1684325040
                                                                • Opcode ID: 251138c72b5965edf1fa1f81af5a04797616578f3cc633bdfd53ce657dc71f87
                                                                • Instruction ID: 4254c3ebeb6db0f40fa1f5389517b277350c12c89a3eb98a721856af8daf4465
                                                                • Opcode Fuzzy Hash: 251138c72b5965edf1fa1f81af5a04797616578f3cc633bdfd53ce657dc71f87
                                                                • Instruction Fuzzy Hash: D0412B12A0838A52FB21E725E4A177AD750EB90FA4F944236EE5C8BAD5DF3CD481C712
                                                                APIs
                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D7909A
                                                                  • Part of subcall function 00007FF7E5D7A574: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A58A
                                                                  • Part of subcall function 00007FF7E5D7A574: GetLastError.KERNEL32(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A594
                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7E5D6B2B5), ref: 00007FF7E5D790B8
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorFileLanguagesLastModuleNamePreferredRestoreThread_invalid_parameter_noinfo
                                                                • String ID: C:\Users\user\Desktop\LKEAHetlG6.exe
                                                                • API String ID: 2553983749-605488607
                                                                • Opcode ID: 3df4ae63d4fff12831f189b335aa218eb560bdcda4609670a69b9ecc1ff23c91
                                                                • Instruction ID: a361ce27f039bd10ec502171f0ff6e6aec4497ac87959e1d4a0b30e937b9ba34
                                                                • Opcode Fuzzy Hash: 3df4ae63d4fff12831f189b335aa218eb560bdcda4609670a69b9ecc1ff23c91
                                                                • Instruction Fuzzy Hash: 7C41A236A09B0A85EB14EF2194A02BDA7A4EB44FD4FC44037EE0E87B55DF3DE4518721
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                • String ID: .$:
                                                                • API String ID: 2020911589-4202072812
                                                                • Opcode ID: 9fdf0e15571f30b7c38997099fbb633568246911cf6993026fb6492d211a726f
                                                                • Instruction ID: 7969906736d56280ab3b37638cee893fed003c68d880a7897a24aa24f97b5ab0
                                                                • Opcode Fuzzy Hash: 9fdf0e15571f30b7c38997099fbb633568246911cf6993026fb6492d211a726f
                                                                • Instruction Fuzzy Hash: 9B415123F0571A88FB11FBB1D8A13BC67B46F14B58F950036DE4DABA45EF7894418322
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorFileLastWrite
                                                                • String ID: U
                                                                • API String ID: 442123175-4171548499
                                                                • Opcode ID: 6764b710f0a65045100584de59578b99259699ae606962c210fa940051883c42
                                                                • Instruction ID: fd404a74e14bb13a48334e67cef8659b27ebec66ced51a68f3276b080840785c
                                                                • Opcode Fuzzy Hash: 6764b710f0a65045100584de59578b99259699ae606962c210fa940051883c42
                                                                • Instruction Fuzzy Hash: 4B41C522B18A4986DB20DF25E4943A9B7A0FB88B94F804032EF4DC7798EF7CD541C711
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentDirectory
                                                                • String ID: :
                                                                • API String ID: 1611563598-336475711
                                                                • Opcode ID: 9dec074b9d91ec7ae96ccd96e392c63e7b8b71e9f9fc28a933b8ea542cd4a31c
                                                                • Instruction ID: 19b8fa0ecb52b00954fb2b78bcb06da1d65e82fe527de62ab86cb466a1e4bb1a
                                                                • Opcode Fuzzy Hash: 9dec074b9d91ec7ae96ccd96e392c63e7b8b71e9f9fc28a933b8ea542cd4a31c
                                                                • Instruction Fuzzy Hash: B421A522A0868A81EB30EB15D0A436DA3B1FB88F44FC54136D68D97685DF7CD945C762
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: ExceptionFileHeaderRaise
                                                                • String ID: csm
                                                                • API String ID: 2573137834-1018135373
                                                                Similarity
                                                                • API ID: DriveType_invalid_parameter_noinfo
                                                                • String ID: :
                                                                • API String ID: 2595371189-336475711

                                                                Execution Graph

                                                                Execution Coverage:1.8%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:11.2%
                                                                Total number of Nodes:1496
                                                                Total number of Limit Nodes:112
100534->100535 100536 7ff7e5d6318f 100535->100536 100537 7ff7e5d6ac60 _log10_special 8 API calls 100536->100537 100538 7ff7e5d631b7 100537->100538 100538->100468 100539 7ff7e5d67480 100538->100539 100540 7ff7e5d67aa0 2 API calls 100539->100540 100541 7ff7e5d67494 LoadLibraryW 100540->100541 100542 7ff7e5d674b3 __std_exception_destroy 100541->100542 100542->100468 100543->100476 100544->100462 100545->100476 100546->100476 100547->100476 100550 7ff7e5d63efc 100548->100550 100549 7ff7e5d63f04 100549->100486 100550->100549 100553 7ff7e5d640a4 100550->100553 100591 7ff7e5d76b74 48 API calls 100550->100591 100551 7ff7e5d64267 __std_exception_destroy 100551->100486 100552 7ff7e5d633d0 47 API calls 100552->100553 100553->100551 100553->100552 100556 7ff7e5d636d0 100555->100556 100557 7ff7e5d6ac60 _log10_special 8 API calls 100556->100557 100558 7ff7e5d6373a 100557->100558 100558->100492 100558->100493 100560 7ff7e5d639bf 100559->100560 100564 7ff7e5d6396b 100559->100564 100593 7ff7e5d63550 MultiByteToWideChar MultiByteToWideChar __std_exception_destroy 100560->100593 100562 7ff7e5d639cc 100562->100500 100565 7ff7e5d639aa 100564->100565 100592 7ff7e5d63550 MultiByteToWideChar MultiByteToWideChar __std_exception_destroy 100564->100592 100565->100500 100567 7ff7e5d63805 100566->100567 100568 7ff7e5d61bd0 49 API calls 100567->100568 100569 7ff7e5d63851 100568->100569 100570 7ff7e5d61bd0 49 API calls 100569->100570 100579 7ff7e5d638d7 __std_exception_destroy 100569->100579 100571 7ff7e5d63890 100570->100571 100574 7ff7e5d67aa0 2 API calls 100571->100574 100571->100579 100572 7ff7e5d6ac60 _log10_special 8 API calls 100573 7ff7e5d6392c 100572->100573 100573->100509 100573->100510 100575 7ff7e5d638aa 100574->100575 100576 7ff7e5d67aa0 2 API calls 100575->100576 100577 7ff7e5d638c1 100576->100577 100578 7ff7e5d67aa0 2 API calls 100577->100578 100578->100579 100579->100572 100580->100495 100581->100495 100582->100495 100583->100495 100584->100495 100585->100495 100586->100495 
100587->100495 100588->100519 100589->100520 100590->100495 100591->100550 100592->100565 100593->100562 100595 7ff7e5d631c0 108 API calls 100594->100595 100596 7ff7e5d61443 100595->100596 100597 7ff7e5d6146c 100596->100597 100598 7ff7e5d6144b 100596->100598 100600 7ff7e5d6ed7c 73 API calls 100597->100600 100637 7ff7e5d61df0 81 API calls 100598->100637 100602 7ff7e5d61481 100600->100602 100601 7ff7e5d6145b 100601->100531 100603 7ff7e5d61485 100602->100603 100604 7ff7e5d614a1 100602->100604 100638 7ff7e5d61db0 80 API calls 100603->100638 100606 7ff7e5d614d1 100604->100606 100607 7ff7e5d614b1 100604->100607 100610 7ff7e5d614d7 100606->100610 100615 7ff7e5d614ea 100606->100615 100639 7ff7e5d61db0 80 API calls 100607->100639 100609 7ff7e5d6e6f4 74 API calls 100611 7ff7e5d61564 100609->100611 100619 7ff7e5d611d0 100610->100619 100611->100531 100613 7ff7e5d6149c __std_exception_destroy 100613->100609 100614 7ff7e5d6ea44 _fread_nolock 53 API calls 100614->100615 100615->100613 100615->100614 100616 7ff7e5d61576 100615->100616 100640 7ff7e5d61db0 80 API calls 100616->100640 100618->100527 100620 7ff7e5d61228 100619->100620 100621 7ff7e5d61257 100620->100621 100622 7ff7e5d6122f 100620->100622 100625 7ff7e5d6128d 100621->100625 100626 7ff7e5d61271 100621->100626 100641 7ff7e5d61df0 81 API calls 100622->100641 100624 7ff7e5d61242 100624->100613 100628 7ff7e5d612bb memcpy_s 100625->100628 100629 7ff7e5d6129f 100625->100629 100642 7ff7e5d61db0 80 API calls 100626->100642 100631 7ff7e5d61288 __std_exception_destroy 100628->100631 100632 7ff7e5d6ea44 _fread_nolock 53 API calls 100628->100632 100633 7ff7e5d6e7b8 37 API calls 100628->100633 100634 7ff7e5d6137f 100628->100634 100644 7ff7e5d6f184 76 API calls 100628->100644 100643 7ff7e5d61db0 80 API calls 100629->100643 100631->100613 100632->100628 100633->100628 100645 7ff7e5d61df0 81 API calls 100634->100645 100637->100601 100638->100613 100639->100613 100640->100613 100641->100624 100642->100631 100643->100631 100644->100628 
100645->100631 100646->100333 100648 7ff7e5d74a6e 100647->100648 100649 7ff7e5d74a93 100648->100649 100651 7ff7e5d74acf 100648->100651 100665 7ff7e5d7a868 37 API calls 2 library calls 100649->100665 100666 7ff7e5d71908 49 API calls _invalid_parameter_noinfo 100651->100666 100653 7ff7e5d74abd 100655 7ff7e5d6ac60 _log10_special 8 API calls 100653->100655 100654 7ff7e5d7a574 __free_lconv_mon 11 API calls 100654->100653 100657 7ff7e5d61c18 100655->100657 100656 7ff7e5d74b66 100658 7ff7e5d74b81 100656->100658 100659 7ff7e5d74bd0 100656->100659 100660 7ff7e5d74b78 100656->100660 100663 7ff7e5d74bac 100656->100663 100657->100149 100667 7ff7e5d7a574 100658->100667 100661 7ff7e5d74bda 100659->100661 100659->100663 100660->100658 100660->100663 100664 7ff7e5d7a574 __free_lconv_mon 11 API calls 100661->100664 100663->100654 100664->100653 100665->100653 100666->100656 100668 7ff7e5d7a579 HeapFree 100667->100668 100672 7ff7e5d7a5a8 100667->100672 100669 7ff7e5d7a594 GetLastError 100668->100669 100668->100672 100670 7ff7e5d7a5a1 __free_lconv_mon 100669->100670 100673 7ff7e5d7b598 11 API calls _get_daylight 100670->100673 100672->100653 100673->100672 100675 7ff7e5d75f98 100674->100675 100676 7ff7e5d75fbe 100675->100676 100679 7ff7e5d75ff1 100675->100679 100705 7ff7e5d7b598 11 API calls _get_daylight 100676->100705 100678 7ff7e5d75fc3 100706 7ff7e5d7a934 37 API calls _invalid_parameter_noinfo 100678->100706 100681 7ff7e5d75ff7 100679->100681 100682 7ff7e5d76004 100679->100682 100707 7ff7e5d7b598 11 API calls _get_daylight 100681->100707 100693 7ff7e5d7ac40 100682->100693 100686 7ff7e5d76018 100708 7ff7e5d7b598 11 API calls _get_daylight 100686->100708 100687 7ff7e5d76025 100700 7ff7e5d8025c 100687->100700 100690 7ff7e5d76038 100709 7ff7e5d75238 LeaveCriticalSection 100690->100709 100692 7ff7e5d63216 100692->100347 100710 7ff7e5d80668 EnterCriticalSection 100693->100710 100695 7ff7e5d7ac57 100696 7ff7e5d7acb4 19 API calls 100695->100696 100697 7ff7e5d7ac62 100696->100697 100698 
7ff7e5d806c8 _isindst LeaveCriticalSection 100697->100698 100699 7ff7e5d7600e 100698->100699 100699->100686 100699->100687 100711 7ff7e5d7ff58 100700->100711 100703 7ff7e5d802b6 100703->100690 100705->100678 100706->100692 100707->100692 100708->100692 100716 7ff7e5d7ff93 __vcrt_FlsAlloc 100711->100716 100713 7ff7e5d80231 100730 7ff7e5d7a934 37 API calls _invalid_parameter_noinfo 100713->100730 100715 7ff7e5d80163 100715->100703 100723 7ff7e5d870e4 100715->100723 100721 7ff7e5d8015a 100716->100721 100726 7ff7e5d77a88 51 API calls 3 library calls 100716->100726 100718 7ff7e5d801c5 100718->100721 100727 7ff7e5d77a88 51 API calls 3 library calls 100718->100727 100720 7ff7e5d801e4 100720->100721 100728 7ff7e5d77a88 51 API calls 3 library calls 100720->100728 100721->100715 100729 7ff7e5d7b598 11 API calls _get_daylight 100721->100729 100731 7ff7e5d866e4 100723->100731 100726->100718 100727->100720 100728->100721 100729->100713 100730->100715 100732 7ff7e5d866fb 100731->100732 100733 7ff7e5d86719 100731->100733 100785 7ff7e5d7b598 11 API calls _get_daylight 100732->100785 100733->100732 100736 7ff7e5d86735 100733->100736 100735 7ff7e5d86700 100786 7ff7e5d7a934 37 API calls _invalid_parameter_noinfo 100735->100786 100742 7ff7e5d86cf4 100736->100742 100740 7ff7e5d8670c 100740->100703 100788 7ff7e5d86a28 100742->100788 100745 7ff7e5d86d69 100819 7ff7e5d7b578 11 API calls _get_daylight 100745->100819 100746 7ff7e5d86d81 100807 7ff7e5d7856c 100746->100807 100749 7ff7e5d86d6e 100820 7ff7e5d7b598 11 API calls _get_daylight 100749->100820 100777 7ff7e5d86760 100777->100740 100787 7ff7e5d78544 LeaveCriticalSection 100777->100787 100785->100735 100786->100740 100789 7ff7e5d86a54 100788->100789 100796 7ff7e5d86a6e 100788->100796 100789->100796 100832 7ff7e5d7b598 11 API calls _get_daylight 100789->100832 100791 7ff7e5d86a63 100833 7ff7e5d7a934 37 API calls _invalid_parameter_noinfo 100791->100833 100793 7ff7e5d86b3d 100798 7ff7e5d86b9a 100793->100798 100838 7ff7e5d79bc8 37 API 
calls 2 library calls 100793->100838 100794 7ff7e5d86aec 100794->100793 100836 7ff7e5d7b598 11 API calls _get_daylight 100794->100836 100796->100794 100834 7ff7e5d7b598 11 API calls _get_daylight 100796->100834 100798->100745 100798->100746 100800 7ff7e5d86b32 100837 7ff7e5d7a934 37 API calls _invalid_parameter_noinfo 100800->100837 100801 7ff7e5d86b96 100801->100798 100839 7ff7e5d7a954 IsProcessorFeaturePresent 100801->100839 100802 7ff7e5d86ae1 100835 7ff7e5d7a934 37 API calls _invalid_parameter_noinfo 100802->100835 100844 7ff7e5d80668 EnterCriticalSection 100807->100844 100819->100749 100820->100777 100832->100791 100833->100796 100834->100802 100835->100794 100836->100800 100837->100793 100838->100801 100840 7ff7e5d7a967 100839->100840 100843 7ff7e5d7a668 14 API calls 3 library calls 100840->100843 100842 7ff7e5d7a982 GetCurrentProcess TerminateProcess 100843->100842 100846 7ff7e5d77944 100845->100846 100849 7ff7e5d77420 100846->100849 100848 7ff7e5d7795d 100848->100357 100850 7ff7e5d7743b 100849->100850 100851 7ff7e5d7746a 100849->100851 100860 7ff7e5d7a868 37 API calls 2 library calls 100850->100860 100859 7ff7e5d7522c EnterCriticalSection 100851->100859 100854 7ff7e5d7745b 100854->100848 100855 7ff7e5d7746f 100856 7ff7e5d7748c 38 API calls 100855->100856 100857 7ff7e5d7747b 100856->100857 100858 7ff7e5d75238 _fread_nolock LeaveCriticalSection 100857->100858 100858->100854 100860->100854 100862 7ff7e5d6e4eb 100861->100862 100863 7ff7e5d6e519 100861->100863 100872 7ff7e5d7a868 37 API calls 2 library calls 100862->100872 100865 7ff7e5d6e50b 100863->100865 100871 7ff7e5d7522c EnterCriticalSection 100863->100871 100865->100361 100867 7ff7e5d6e530 100868 7ff7e5d6e54c 72 API calls 100867->100868 100869 7ff7e5d6e53c 100868->100869 100870 7ff7e5d75238 _fread_nolock LeaveCriticalSection 100869->100870 100870->100865 100872->100865 100873->100374 100875 7ff8b7ff1992 100876 7ff8b800d300 100875->100876 100877 7ff8b800d32f ERR_new ERR_set_debug ERR_set_error 
100876->100877 100878 7ff8b800d363 100876->100878 100879 7ff8b800d35c 100877->100879 100918 7ff8b7ff1087 100878->100918 100881 7ff8b800d36f 100881->100879 100882 7ff8b800d3ff CRYPTO_zalloc 100881->100882 100883 7ff8b800d381 ERR_new ERR_set_debug ERR_set_error 100881->100883 100884 7ff8b800d3af ERR_new ERR_set_debug 100882->100884 100885 7ff8b800d41e CRYPTO_THREAD_lock_new 100882->100885 100883->100884 100886 7ff8b800d3d1 ERR_set_error 100884->100886 100887 7ff8b800d439 ERR_new ERR_set_debug ERR_set_error CRYPTO_free 100885->100887 100888 7ff8b800d481 100885->100888 100886->100879 100887->100879 100889 7ff8b800d489 CRYPTO_strdup 100888->100889 100890 7ff8b800d4ae 100888->100890 100889->100884 100889->100890 100890->100884 100891 7ff8b800d502 OPENSSL_LH_new 100890->100891 100891->100884 100892 7ff8b800d522 X509_STORE_new 100891->100892 100892->100884 100893 7ff8b800d534 CTLOG_STORE_new_ex 100892->100893 100893->100884 100894 7ff8b800d54f 100893->100894 100928 7ff8b7ff1618 100894->100928 100896 7ff8b800d557 100896->100879 100963 7ff8b7ff1361 7 API calls 100896->100963 100898 7ff8b800d567 100898->100879 100964 7ff8b7ff1393 6 API calls 100898->100964 100900 7ff8b800d577 100900->100879 100900->100884 100901 7ff8b800d5ca OPENSSL_sk_num 100900->100901 100902 7ff8b800d786 ERR_new ERR_set_debug 100900->100902 100901->100902 100903 7ff8b800d5db X509_VERIFY_PARAM_new 100901->100903 100902->100886 100903->100884 100904 7ff8b800d5f0 100903->100904 100905 7ff8b800d617 OPENSSL_sk_new_null 100904->100905 100905->100884 100906 7ff8b800d633 OPENSSL_sk_new_null 100905->100906 100906->100884 100907 7ff8b800d648 CRYPTO_new_ex_data 100906->100907 100907->100884 100908 7ff8b800d664 CRYPTO_secure_zalloc 100907->100908 100908->100884 100909 7ff8b800d68b 100908->100909 100910 7ff8b800d6a4 RAND_bytes_ex 100909->100910 100965 7ff8b7ff12cb CRYPTO_THREAD_run_once 100909->100965 100912 7ff8b800d70c 100910->100912 100913 7ff8b800d6d4 RAND_priv_bytes_ex 100910->100913 100916 7ff8b800d717 
RAND_priv_bytes_ex 100912->100916 100913->100912 100915 7ff8b800d6ee RAND_priv_bytes_ex 100913->100915 100914 7ff8b800d69d 100914->100910 100915->100912 100915->100916 100916->100884 100917 7ff8b800d735 100916->100917 100917->100879 100917->100884 100918->100881 100919 7ff8b800b730 100918->100919 100920 7ff8b800b74c 100919->100920 100923 7ff8b800b79a 100919->100923 100921 7ff8b800b78d 100920->100921 100922 7ff8b800b755 ERR_new ERR_set_debug ERR_set_error 100920->100922 100921->100881 100922->100921 100923->100921 100924 7ff8b800b7e4 CRYPTO_THREAD_run_once 100923->100924 100925 7ff8b800b806 100923->100925 100924->100921 100924->100925 100926 7ff8b800b80d CRYPTO_THREAD_run_once 100925->100926 100927 7ff8b800b83e 100925->100927 100926->100881 100927->100881 100928->100896 100929 7ff8b80089b0 100928->100929 100930 7ff8b8008a65 EVP_MD_get_size 100929->100930 100932 7ff8b8008a8b ERR_set_mark EVP_SIGNATURE_fetch 100929->100932 100930->100929 100931 7ff8b8008eae 100930->100931 100931->100896 100933 7ff8b8008ab2 100932->100933 100934 7ff8b8008ac3 EVP_KEYEXCH_fetch 100933->100934 100935 7ff8b8008ade 100934->100935 100936 7ff8b8008af2 EVP_KEYEXCH_fetch 100935->100936 100937 7ff8b8008b19 EVP_KEYEXCH_free 100936->100937 100938 7ff8b8008b0d 100936->100938 100939 7ff8b8008b21 EVP_SIGNATURE_fetch 100937->100939 100938->100939 100940 7ff8b8008b3c 100939->100940 100941 7ff8b8008b45 EVP_SIGNATURE_free 100939->100941 100942 7ff8b8008b4d ERR_pop_to_mark EVP_PKEY_asn1_find_str 100940->100942 100941->100942 100943 7ff8b8008baf EVP_PKEY_asn1_get0_info 100942->100943 100944 7ff8b8008bce 100942->100944 100943->100944 100945 7ff8b8008bfc EVP_PKEY_asn1_find_str 100944->100945 100946 7ff8b8008c1f EVP_PKEY_asn1_get0_info 100945->100946 100947 7ff8b8008c3e 100945->100947 100946->100947 100948 7ff8b8008c6f EVP_PKEY_asn1_find_str 100947->100948 100949 7ff8b8008c92 EVP_PKEY_asn1_get0_info 100948->100949 100950 7ff8b8008cb1 100948->100950 100949->100950 100951 7ff8b8008ce2 EVP_PKEY_asn1_find_str 
100950->100951 100952 7ff8b8008d05 EVP_PKEY_asn1_get0_info 100951->100952 100953 7ff8b8008d24 100951->100953 100952->100953 100954 7ff8b8008d55 EVP_PKEY_asn1_find_str 100953->100954 100955 7ff8b8008d78 EVP_PKEY_asn1_get0_info 100954->100955 100956 7ff8b8008d97 100954->100956 100955->100956 100957 7ff8b8008db4 EVP_PKEY_asn1_find_str 100956->100957 100958 7ff8b8008dd7 EVP_PKEY_asn1_get0_info 100957->100958 100959 7ff8b8008df6 100957->100959 100958->100959 100960 7ff8b8008e13 EVP_PKEY_asn1_find_str 100959->100960 100961 7ff8b8008e36 EVP_PKEY_asn1_get0_info 100960->100961 100962 7ff8b8008e55 100960->100962 100961->100962 100962->100896 100963->100898 100964->100900 100965->100914 100966 7ff8b8cd8ec3 100997 7ff8b8cd41e0 100966->100997 100968 7ff8b8cd8f69 100971 7ff8b8cd8f81 100968->100971 100977 7ff8b8cd8f78 _Py_Dealloc 100968->100977 100969 7ff8b8cd8f07 100970 7ff8b8cd8f43 100969->100970 100974 7ff8b8cd8f1e 100969->100974 100970->100968 100972 7ff8b8cd8f60 _Py_Dealloc 100970->100972 100973 7ff8b8cd8fa4 100971->100973 100980 7ff8b8cd8f9e _Py_Dealloc 100971->100980 100972->100968 100975 7ff8b8cd8fc7 100973->100975 100981 7ff8b8cd8fc1 _Py_Dealloc 100973->100981 100976 7ff8b8cd8f31 100974->100976 100978 7ff8b8cd8f28 _Py_Dealloc 100974->100978 100979 7ff8b8cd8fea 100975->100979 100983 7ff8b8cd8fe4 _Py_Dealloc 100975->100983 100977->100971 100978->100976 100982 7ff8b8cd900d 100979->100982 100986 7ff8b8cd9007 _Py_Dealloc 100979->100986 100980->100973 100981->100975 100984 7ff8b8cd9030 100982->100984 100988 7ff8b8cd902a _Py_Dealloc 100982->100988 100983->100979 100985 7ff8b8cd9053 100984->100985 100989 7ff8b8cd904d _Py_Dealloc 100984->100989 100987 7ff8b8cd9076 100985->100987 100991 7ff8b8cd9070 _Py_Dealloc 100985->100991 100986->100982 100990 7ff8b8cd9099 100987->100990 100994 7ff8b8cd9093 _Py_Dealloc 100987->100994 100988->100984 100989->100985 100992 7ff8b8cd90bc 100990->100992 100995 7ff8b8cd90b6 _Py_Dealloc 100990->100995 100991->100987 100993 7ff8b8cd90df 100992->100993 
100996 7ff8b8cd90d9 _Py_Dealloc 100992->100996 100994->100990 100995->100992 100996->100993 101001 7ff8b8cd421a 100997->101001 100998 7ff8b8cd4471 100999 7ff8b8cd44b1 PyFloat_FromDouble 100998->100999 101010 7ff8b8cd44d7 100998->101010 100999->100998 101005 7ff8b8cd4614 100999->101005 101000 7ff8b8cd42d5 PyUnicode_FromStringAndSize 101000->101005 101006 7ff8b8cd42fd PyUnicode_InternInPlace 101000->101006 101001->101000 101003 7ff8b8cd432f 101001->101003 101002 7ff8b8cd43ea 101002->100998 101007 7ff8b8cd4430 PyLong_FromString 101002->101007 101003->101002 101004 7ff8b8cd43a5 PyBytes_FromStringAndSize 101003->101004 101004->101003 101004->101005 101005->100969 101006->101001 101007->101002 101007->101005 101008 7ff8b8cd4510 PyComplex_FromDoubles 101008->101005 101008->101010 101009 7ff8b8cd4550 PyTuple_New 101009->101005 101011 7ff8b8cd453b 101009->101011 101010->101008 101010->101011 101011->101009 101013 7ff8b8cd45ac 101011->101013 101012 7ff8b8cd45c0 PyFrozenSet_New 101012->101005 101012->101013 101013->101005 101013->101012 101014 7ff8b8cd45f4 PySet_Add 101013->101014 101014->101005 101014->101013 101015 7ff8b8f7b608 PyObject_GC_UnTrack 101021 7ff8b8f7b568 101015->101021 101018 7ff8b8f7b648 101019 7ff8b8f7b65c 101018->101019 101020 7ff8b8f7b653 _Py_Dealloc 101018->101020 101020->101019 101022 7ff8b8f7b57e 101021->101022 101023 7ff8b8f7b594 101021->101023 101022->101023 101025 7ff8b8f7b58e _Py_Dealloc 101022->101025 101024 7ff8b8f7b5b3 101023->101024 101027 7ff8b8f7b5ad _Py_Dealloc 101023->101027 101026 7ff8b8f7b5d2 101024->101026 101030 7ff8b8f7b5cc _Py_Dealloc 101024->101030 101025->101023 101028 7ff8b8f7b5fa SSL_CTX_free PyMem_Free 101026->101028 101029 7ff8b8f7b5d9 PyEval_SaveThread BIO_free_all PyEval_RestoreThread 101026->101029 101027->101024 101028->101018 101029->101028 101030->101026 101213 7ff8b8f783a8 101215 7ff8b8f783d4 101213->101215 101214 7ff8b8f783fe _PyArg_UnpackKeywords 101216 7ff8b8f7847c 101214->101216 101217 7ff8b8f7843b 101214->101217 
101215->101214 101215->101217 101255 7ff8b8f72680 8 API calls 2 library calls 101216->101255 101221 7ff8b8f7849c _errno 101217->101221 101220 7ff8b8f7848f 101222 7ff8b8f7852a PyUnicode_FSConverter 101221->101222 101223 7ff8b8f78500 101221->101223 101222->101223 101226 7ff8b8f7853b PyErr_ExceptionMatches 101222->101226 101224 7ff8b8f78505 101223->101224 101225 7ff8b8f78561 PyUnicode_FSConverter 101223->101225 101228 7ff8b8f7850e 101224->101228 101230 7ff8b8f785ab PyUnicode_AsASCIIString 101224->101230 101231 7ff8b8f7862a PyObject_CheckBuffer 101224->101231 101254 7ff8b8f78606 101224->101254 101225->101224 101227 7ff8b8f78572 PyErr_ExceptionMatches 101225->101227 101226->101228 101236 7ff8b8f7871a 101226->101236 101227->101228 101227->101236 101229 7ff8b8f78515 PyErr_SetString 101228->101229 101229->101236 101233 7ff8b8f785dd 101230->101233 101234 7ff8b8f785b9 PyErr_ExceptionMatches 101230->101234 101231->101228 101232 7ff8b8f78634 PyObject_GetBuffer 101231->101232 101235 7ff8b8f7864c PyBuffer_IsContiguous 101232->101235 101232->101236 101256 7ff8b8f74e64 46 API calls 101233->101256 101234->101228 101234->101236 101241 7ff8b8f7868e PyBuffer_Release 101235->101241 101242 7ff8b8f7865c 101235->101242 101240 7ff8b8f78730 _Py_Dealloc 101236->101240 101244 7ff8b8f78736 101236->101244 101237 7ff8b8f78750 101237->101216 101239 7ff8b8f786b9 PyEval_SaveThread SSL_CTX_load_verify_locations PyEval_RestoreThread 101239->101236 101245 7ff8b8f786e1 _errno 101239->101245 101240->101244 101241->101229 101242->101241 101248 7ff8b8f78661 101242->101248 101243 7ff8b8f785f0 101252 7ff8b8f785fd _Py_Dealloc 101243->101252 101243->101254 101244->101237 101249 7ff8b8f7874a _Py_Dealloc 101244->101249 101246 7ff8b8f786ec PyErr_SetFromErrno ERR_clear_error 101245->101246 101247 7ff8b8f78704 101245->101247 101246->101236 101258 7ff8b8f766b0 31 API calls 101247->101258 101257 7ff8b8f74e64 46 API calls 101248->101257 101249->101237 101252->101254 101253 7ff8b8f78677 PyBuffer_Release 101253->101236 
101253->101254 101254->101236 101254->101239 101255->101220 101256->101243 101257->101253 101258->101236 101031 7ff8b800cb40 101032 7ff8b800cec0 101031->101032 101033 7ff8b800cb49 101031->101033 101033->101032 101034 7ff8b800cb90 CRYPTO_free CRYPTO_free 101033->101034 101035 7ff8b800cbe9 7 API calls 101034->101035 101036 7ff8b800cbdf 101034->101036 101056 7ff8b7ff11db 101035->101056 101036->101035 101038 7ff8b800cc42 OPENSSL_sk_pop_free OPENSSL_sk_pop_free OPENSSL_sk_pop_free OPENSSL_sk_free 101064 7ff8b7ff1811 10 API calls 101038->101064 101040 7ff8b800cc96 101041 7ff8b800cca2 CRYPTO_free CRYPTO_free CRYPTO_free CRYPTO_free CRYPTO_secure_free 101040->101041 101042 7ff8b800cd2b EVP_MD_get0_provider 101041->101042 101043 7ff8b800cd40 101041->101043 101042->101043 101044 7ff8b800cd38 EVP_MD_free 101042->101044 101045 7ff8b800cd4c EVP_MD_get0_provider 101043->101045 101046 7ff8b800cd61 101043->101046 101044->101043 101045->101046 101047 7ff8b800cd59 EVP_MD_free 101045->101047 101048 7ff8b800cd78 EVP_CIPHER_get0_provider 101046->101048 101050 7ff8b800cd97 101046->101050 101047->101046 101048->101046 101049 7ff8b800cd85 EVP_CIPHER_free 101048->101049 101049->101046 101051 7ff8b800cdac EVP_MD_get0_provider 101050->101051 101053 7ff8b800cdcb 101050->101053 101051->101050 101052 7ff8b800cdb9 EVP_MD_free 101051->101052 101052->101050 101054 7ff8b800ce4a CRYPTO_free CRYPTO_free CRYPTO_THREAD_lock_free CRYPTO_free CRYPTO_free 101053->101054 101055 7ff8b800cde1 CRYPTO_free CRYPTO_free CRYPTO_free 101053->101055 101054->101032 101055->101054 101055->101055 101056->101038 101058 7ff8b8003820 101056->101058 101057 7ff8b800397f 101057->101038 101058->101057 101059 7ff8b8003850 EVP_PKEY_free 101058->101059 101060 7ff8b8003873 X509_free EVP_PKEY_free OPENSSL_sk_pop_free CRYPTO_free 101059->101060 101060->101060 101061 7ff8b80038c7 CRYPTO_free CRYPTO_free CRYPTO_free X509_STORE_free X509_STORE_free 101060->101061 101062 7ff8b7ff18f2 101061->101062 101063 7ff8b8003945 CRYPTO_free 
CRYPTO_THREAD_lock_free CRYPTO_free 101062->101063 101063->101057 101064->101040 101259 7ff8b7e08980 101260 7ff8b7e089a8 101259->101260 101261 7ff8b7e08994 101259->101261 101323 7ff8b7e425e4 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 101260->101323 101263 7ff8b7e089ce 101261->101263 101270 7ff8b7e08af1 101261->101270 101264 7ff8b7e08ac7 101263->101264 101265 7ff8b7e089d7 101263->101265 101307 7ff8b7e41a18 101264->101307 101268 7ff8b7e08a9f 101265->101268 101269 7ff8b7e089e0 GetLastError 101265->101269 101266 7ff8b7e08a8d 101268->101266 101273 7ff8b7e08aaf 101268->101273 101271 7ff8b7e08a0a 101269->101271 101272 7ff8b7e089f3 101269->101272 101270->101266 101350 7ff8b7e059bc 202 API calls 101270->101350 101325 7ff8b7e08b20 101271->101325 101324 7ff8b7e0d4d0 6 API calls wmemcpy_s 101272->101324 101349 7ff8b7e0d4d0 6 API calls wmemcpy_s 101273->101349 101279 7ff8b7e08b1c 101279->101266 101285 7ff8b7e08b20 wmemcpy_s 6 API calls 101279->101285 101280 7ff8b7e089f8 101280->101271 101284 7ff8b7e48577 101280->101284 101281 7ff8b7e48599 SetLastError 101291 7ff8b7e08ae1 101281->101291 101282 7ff8b7e08ab4 101282->101266 101282->101279 101283 7ff8b7e08acc 101283->101266 101315 7ff8b7e07504 101283->101315 101284->101281 101290 7ff8b7e08a60 101284->101290 101289 7ff8b7e48569 101285->101289 101351 7ff8b7e1a280 29 API calls __std_type_info_name 101289->101351 101290->101281 101294 7ff8b7e08a69 101290->101294 101291->101266 101353 7ff8b7e41a50 8 API calls 3 library calls 101291->101353 101293 7ff8b7e48582 101297 7ff8b7e08b20 wmemcpy_s 6 API calls 101293->101297 101348 7ff8b7e0d4d0 6 API calls wmemcpy_s 101294->101348 101296 7ff8b7e08b20 wmemcpy_s 6 API calls 101299 7ff8b7e08a49 101296->101299 101300 7ff8b7e4858f 101297->101300 101299->101293 101302 7ff8b7e08a51 101299->101302 101352 7ff8b7e180a4 25 API calls __std_type_info_name 101300->101352 101301 7ff8b7e08a74 SetLastError 101301->101266 101346 7ff8b7e09b80 25 API calls wmemcpy_s 
101302->101346 101305 7ff8b7e08a59 101347 7ff8b7e0e510 25 API calls 2 library calls 101305->101347 101308 7ff8b7e41a21 101307->101308 101354 7ff8b7e41e08 101308->101354 101311 7ff8b7e41a34 101311->101283 101313 7ff8b7e41a3d 101313->101311 101361 7ff8b7e41e6c DeleteCriticalSection 101313->101361 101318 7ff8b7e07522 101315->101318 101320 7ff8b7e0757c 101315->101320 101316 7ff8b7e0759e 101316->101318 101418 7ff8b7e07390 7 API calls 2 library calls 101316->101418 101318->101316 101318->101320 101378 7ff8b7e074c0 EnterCriticalSection 101318->101378 101386 7ff8b7e084b0 101318->101386 101419 7ff8b7e074a0 6 API calls 101318->101419 101320->101291 101323->101261 101324->101280 101326 7ff8b7e48601 TlsSetValue 101325->101326 101329 7ff8b7e08b5c 101325->101329 101327 7ff8b7e08a13 101327->101281 101333 7ff8b7e0e040 101327->101333 101329->101327 101330 7ff8b7e08b9f GetProcAddress 101329->101330 101332 7ff8b7e485dd 101329->101332 101461 7ff8b7e06448 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary try_get_function 101329->101461 101331 7ff8b7e08bb8 101330->101331 101330->101332 101331->101326 101331->101327 101332->101326 101334 7ff8b7e0e051 101333->101334 101335 7ff8b7e0e066 RtlAllocateHeap 101333->101335 101334->101335 101336 7ff8b7e4a648 101334->101336 101337 7ff8b7e08a2a 101335->101337 101340 7ff8b7e4a65a 101335->101340 101462 7ff8b7e138f0 25 API calls 3 library calls 101336->101462 101337->101293 101337->101296 101341 7ff8b7e4a693 101340->101341 101345 7ff8b7e4a679 HeapAlloc 101340->101345 101463 7ff8b7e18dd0 8 API calls wmemcpy_s 101340->101463 101464 7ff8b7e68af0 10 API calls __std_type_info_name 101340->101464 101465 7ff8b7e138f0 25 API calls 3 library calls 101341->101465 101344 7ff8b7e4a69d 101345->101340 101345->101341 101346->101305 101347->101290 101348->101301 101349->101282 101350->101279 101351->101266 101352->101281 101353->101266 101355 7ff8b7e41e10 101354->101355 101357 7ff8b7e41e41 101355->101357 101359 7ff8b7e41a30 101355->101359 101362 7ff8b7e421f4 
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: R_new$R_set_debug$R_get_flagsX_get0_cipher
                                                                • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
                                                                • API String ID: 1830453883-2781224710
                                                                • Opcode ID: 5844f7621a1cbe1188d8689772c9c6c5490e683883325f7f9fc13d7db788595b
                                                                • Instruction ID: 32dc7df625113b803f1f4441bf89a53f520472002cbc852a8fafe6b0840088d8
                                                                • Opcode Fuzzy Hash: 5844f7621a1cbe1188d8689772c9c6c5490e683883325f7f9fc13d7db788595b
                                                                • Instruction Fuzzy Hash: 2C929C32A4EA4285FF20DB2AD8547B922A0EB497C8F544136DB4D4B6D6CF3CE583D319

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Y_asn1_find_strY_asn1_get0_info$E_fetchH_fetch$D_get_sizeE_freeH_freeR_pop_to_markR_set_mark
                                                                • String ID: $ $ $ $DSA$ECDH$ECDSA$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512$kuznyechik-mac$magma-mac
                                                                • API String ID: 4252356852-365409564
                                                                • Opcode ID: 7caece2b3d371fe002a5019b5f5ffa2af5cf230c7cefdfd470046396768acd30
                                                                • Instruction ID: a5b1358fdeb0b5ba687e3fa28352c306e09e566855861b92e60f890d3bc8860c
                                                                • Opcode Fuzzy Hash: 7caece2b3d371fe002a5019b5f5ffa2af5cf230c7cefdfd470046396768acd30
                                                                • Instruction Fuzzy Hash: B2E1A172A09B9285EB50DF28D8816A937A0FB547D8F041135FF4E466E9DF38E193C708

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
                                                                • String ID: ..\s\ssl\ssl_lib.c
                                                                • API String ID: 234229340-1080266419
                                                                • Opcode ID: a85317bcf1e3dd943ddaaa58e8500dd1fdc06cb60adce51610fef9f1495ee99f
                                                                • Instruction ID: 216ae52978b1b1523ce8c24d06772ea04232b5caa289c6188e9e17d91470d2cd
                                                                • Opcode Fuzzy Hash: a85317bcf1e3dd943ddaaa58e8500dd1fdc06cb60adce51610fef9f1495ee99f
                                                                • Instruction Fuzzy Hash: A6910421B08A4784EE50EF2AD5912B92361EF85FC4F485032EF1D4B6EADF79E5438358

                                                                Control-flow Graph

                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug$R_set_error$D_priv_bytes_ex$L_sk_new_nullX509_$D_bytes_exD_lock_newE_newE_new_exH_newL_sk_numM_newO_freeO_new_ex_dataO_secure_zallocO_strdupO_zalloc
                                                                • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_new_ex
                                                                • API String ID: 864562269-27091654
                                                                • Opcode ID: 0ef21fb0b24aa75d52d15136eef25518695f37dfed3ffb2822b27bc7d2223680
                                                                • Instruction ID: 7f4bbadfda95476c6653084d35f36a73e9992674a5c864a429f7afef1cd76232
                                                                • Opcode Fuzzy Hash: 0ef21fb0b24aa75d52d15136eef25518695f37dfed3ffb2822b27bc7d2223680
                                                                • Instruction Fuzzy Hash: 38C16962A19B4785FF50EB29A4517AD2291AF44BC4F480135EF4D4A7E6EF3CE503C329

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173879135.00007FF8B8F71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                • Associated: 00000003.00000002.2173859317.00007FF8B8F70000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173899433.00007FF8B8F7D000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173922137.00007FF8B8F90000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173941068.00007FF8B8F91000.00000008.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173959324.00007FF8B8F97000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173978125.00007FF8B8F99000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8f70000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Deadline_DeallocErr_Eval_O_ctrlThread$CheckInitL_do_handshakeL_get_rbioL_get_wbioObjectR_clear_errorR_peek_last_errorRestoreSaveSignalsStringWeakref_
                                                                • String ID: Underlying socket connection gone$_ssl.c:983: The handshake operation timed out$_ssl.c:987: Underlying socket has been closed.$_ssl.c:991: Underlying socket too large for select().
                                                                • API String ID: 3614085790-1145532335
                                                                • Opcode ID: 8a5c9fe5bcf377cdba9e53c39a3d49a307c0a6e1fd9fad0d33650c7998d7eefc
                                                                • Instruction ID: ef3a27ad73842ccc4a0c897f4679647792acad1a7cf4cada61f4747e9401b18a
                                                                • Opcode Fuzzy Hash: 8a5c9fe5bcf377cdba9e53c39a3d49a307c0a6e1fd9fad0d33650c7998d7eefc
                                                                • Instruction Fuzzy Hash: EB61493AB19E4286FB61AB2A98505792BA1FF89BC6F540131DF0E47759DF3DE4438308
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D85FD5
                                                                  • Part of subcall function 00007FF7E5D85928: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8593C
                                                                  • Part of subcall function 00007FF7E5D7A574: HeapFree.KERNEL32(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A58A
                                                                  • Part of subcall function 00007FF7E5D7A574: GetLastError.KERNEL32(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A594
                                                                  • Part of subcall function 00007FF7E5D7A954: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7E5D7A933,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7A95D
                                                                  • Part of subcall function 00007FF7E5D7A954: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7E5D7A933,?,?,?,?,?,00007FF7E5D7A81E), ref: 00007FF7E5D7A982
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D85FC4
                                                                  • Part of subcall function 00007FF7E5D85988: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8599C
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8623A
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8624B
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8625C
                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E5D8649C), ref: 00007FF7E5D86283
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 4070488512-239921721
                                                                • Opcode ID: 9283cef0635022cc07389bf1168982caad64e3fafe3433b06e29da1bda549ea4
                                                                • Instruction ID: 1d8aa4930c3a64a11fdde48458f28e214c433d3ba20f0995045280f60047b630
                                                                • Opcode Fuzzy Hash: 9283cef0635022cc07389bf1168982caad64e3fafe3433b06e29da1bda549ea4
                                                                • Instruction Fuzzy Hash: 37D1A326E0821A85EB10FF25D4E03B9A661EB54FA4FC44137EA4DCB686DE3CE441C762
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: O_malloc$O_freeR_newR_set_debug
                                                                • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_read_buffer$ssl3_setup_write_buffer
                                                                • API String ID: 2137838121-2302522825
                                                                • Opcode ID: ee7e063a5a246d61d598412ba2803017176e8ff550e4fa26b15343c4d60ff2d8
                                                                • Instruction ID: 0e5ad055cc6aeebdca03ff226f9a908783cfea5f2622fa4f3428d62a91a1f5c7
                                                                • Opcode Fuzzy Hash: ee7e063a5a246d61d598412ba2803017176e8ff550e4fa26b15343c4d60ff2d8
                                                                • Instruction Fuzzy Hash: 6D519A72A09B4186EB10DB1AE8447A963E8EB88BC8F590536DF4C477D5DF38D443C308
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                • String ID:
                                                                • API String ID: 1617910340-0
                                                                • Opcode ID: 7e03ef3d0a20c94a2012376284489c35dd0980ac60203fd93d959aa726f203d8
                                                                • Instruction ID: 84bb2e2ef4f60f4c9833d1c1e054364cd258cc40cbf93a89c79e1bf8e0c05d80
                                                                • Opcode Fuzzy Hash: 7e03ef3d0a20c94a2012376284489c35dd0980ac60203fd93d959aa726f203d8
                                                                • Instruction Fuzzy Hash: E4C1C132B28A4985EB10EF64D4E16AC7771E749FA8B814236DB1EDB794DF38E051C311
                                                                APIs
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8623A
                                                                  • Part of subcall function 00007FF7E5D85988: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8599C
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8624B
                                                                  • Part of subcall function 00007FF7E5D85928: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8593C
                                                                • _get_daylight.LIBCMT ref: 00007FF7E5D8625C
                                                                  • Part of subcall function 00007FF7E5D85958: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E5D8596C
                                                                  • Part of subcall function 00007FF7E5D7A574: HeapFree.KERNEL32(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A58A
                                                                  • Part of subcall function 00007FF7E5D7A574: GetLastError.KERNEL32(?,?,?,00007FF7E5D830B2,?,?,?,00007FF7E5D830EF,?,?,00000000,00007FF7E5D835B5,?,?,?,00007FF7E5D834E7), ref: 00007FF7E5D7A594
                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7E5D8649C), ref: 00007FF7E5D86283
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                • API String ID: 3458911817-239921721
                                                                • Opcode ID: c4d5097cd75f94c8fd8ae5c0a6db21b68cc710d0165bcf2bafe064b9ca7a5653
                                                                • Instruction ID: 8ee27bd43ee17b89b6dceec69bd9670fda615cb6b330dfc06c800c7eeef1add9
                                                                • Opcode Fuzzy Hash: c4d5097cd75f94c8fd8ae5c0a6db21b68cc710d0165bcf2bafe064b9ca7a5653
                                                                • Instruction Fuzzy Hash: CF516F22E1864A86E710FF25E4E02A9A760FB58B94FC44137EA5DCB796DF3CE401C761
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                • Opcode ID: 0d24089257937bf4d8f75b282e589f98d2e605d2659b39465ed8206b1681d219
                                                                • Instruction ID: bd70c973abb893a7a30716a83dd9b85d020a6e973b80047431b01720e5325092
                                                                • Opcode Fuzzy Hash: 0d24089257937bf4d8f75b282e589f98d2e605d2659b39465ed8206b1681d219
                                                                • Instruction Fuzzy Hash: 08F0C872A1C64AC6F760DB64B4E8366B390BB44B74F800337EAAE466D4DF7CD0498B01

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173879135.00007FF8B8F71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                • Associated: 00000003.00000002.2173859317.00007FF8B8F70000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173899433.00007FF8B8F7D000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173922137.00007FF8B8F90000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173941068.00007FF8B8F91000.00000008.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173959324.00007FF8B8F97000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173978125.00007FF8B8F99000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8f70000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$Warn$DeallocEval_FormatModule_R_clear_errorStateStringThreadX509_X_ctrl$M_set_flagsM_set_hostflagsModuleRestoreS_client_methodS_methodS_server_methodSaveSv1_1_methodSv1_2_methodSv1_methodType_X_freeX_get0_paramX_newX_set_cipher_listX_set_optionsX_set_post_handshake_authX_set_session_id_context
                                                                • String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$Cannot find internal module state$Failed to set minimum protocol 0x%x$HIGH:!aNULL:!eNULL$No cipher can be selected.$Python$invalid or unsupported protocol version %i$ssl.PROTOCOL_TLS is deprecated$ssl.PROTOCOL_TLSv1 is deprecated$ssl.PROTOCOL_TLSv1_1 is deprecated$ssl.PROTOCOL_TLSv1_2 is deprecated
                                                                • API String ID: 4028604904-3748777976
                                                                • Opcode ID: f0debb439b25d11fb0f191f54120526bd12ae595d34760f05303b375fde36367
                                                                • Instruction ID: deee25ad269e88b692364c8544d836d230933bbc0cecebb3435232d158ebc568
                                                                • Opcode Fuzzy Hash: f0debb439b25d11fb0f191f54120526bd12ae595d34760f05303b375fde36367
                                                                • Instruction Fuzzy Hash: 6BA13D39A19E02C2FB54AB2DE9542782BA1FF84BD6F504135CB0E47768DF7CE45A8308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug
                                                                • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number %d$ssl3_read_bytes
                                                                • API String ID: 193678381-3615793073
                                                                • Opcode ID: 381c6c421e8021476aeda6a916ac96ac20e7bda4ea2bb99a447231b109823cd9
                                                                • Instruction ID: 598c2d289f7f7bf48ea83d93e934b0c102821da4a5f6484edcac3179caa01eaf
                                                                • Opcode Fuzzy Hash: 381c6c421e8021476aeda6a916ac96ac20e7bda4ea2bb99a447231b109823cd9
                                                                • Instruction Fuzzy Hash: E4528C22A49682C5FF608B2AD4503BE36A1EF49BC4F548135CB5E0AAD5CF3DE487D709

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173879135.00007FF8B8F71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                • Associated: 00000003.00000002.2173859317.00007FF8B8F70000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173899433.00007FF8B8F7D000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173922137.00007FF8B8F90000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173941068.00007FF8B8F91000.00000008.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173959324.00007FF8B8F97000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173978125.00007FF8B8F99000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8f70000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$Buffer_DeallocExceptionMatchesUnicode_$BufferConverterEval_Object_ReleaseStringThread_errno$CheckContiguousErrnoFromR_clear_errorRestoreSaveX_load_verify_locations
                                                                • String ID: cadata should be a contiguous buffer with a single dimension$cadata should be an ASCII string or a bytes-like object$cafile should be a valid filesystem path$cafile, capath and cadata cannot be all omitted$capath should be a valid filesystem path
                                                                • API String ID: 3554890122-3904065072
                                                                • Opcode ID: 8830a4b544babb5a797f98cea38c61aa699872aff37fab41e20dddb9efd041ca
                                                                • Instruction ID: aeeebede38384dfcf7d30dae378d824ff289f467d91ddd5b2c8b1b05f99ebdbd
                                                                • Opcode Fuzzy Hash: 8830a4b544babb5a797f98cea38c61aa699872aff37fab41e20dddb9efd041ca
                                                                • Instruction Fuzzy Hash: 33813D39A19E4285FB56AF6DE9442782BA1BF44BD6F544031CF0E47B98EF6CE446830C

                                                                Control-flow Graph

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: FileModuleName
                                                                • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-runtime-tmpdir
                                                                • API String ID: 514040917-560148345
                                                                • Opcode ID: 0a79b262c17fbbee7d128d6a0344f61a83c214c43c683da879bc311074e37079
                                                                • Instruction ID: 80bb78816ac5842a7accb053fd8f9cb1ccb3faa5b08846ffe1cbba63402f27d8
                                                                • Opcode Fuzzy Hash: 0a79b262c17fbbee7d128d6a0344f61a83c214c43c683da879bc311074e37079
                                                                • Instruction Fuzzy Hash: D5024321A08A8B90EB11FB2594B43B99351AF54F84FC44273DA4DC66D6EFBCE546C332

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                • API String ID: 1370845099-1722249466
                                                                • Opcode ID: 6f8aa62c0a17cd257a7cac7c3db44b12b48ed95985bfa37342f9ed60703b21dc
                                                                • Instruction ID: 7c0fb277915b4e46f5c0a76131d81196b4323fd74167cf1495eebb87043fdbfd
                                                                • Opcode Fuzzy Hash: 6f8aa62c0a17cd257a7cac7c3db44b12b48ed95985bfa37342f9ed60703b21dc
                                                                • Instruction Fuzzy Hash: F8A18E21A4924385FFA0AB2DC4503BC22A5EF61BE4F684435DB4D466D6CF7CEA838359

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
                                                                • String ID: %U.%U$cannot import name %R from %R (%S)
                                                                • API String ID: 3630264407-438398067
                                                                • Opcode ID: fcd6dac6a765cb05053f4bfe7cd39cb166bae5586e68d4d28e2f2c7c25a5bf2f
                                                                • Instruction ID: 1d8082480687598a72191fca391dce7b6446c2bdc20ebc733a61002dd5f487a5
                                                                • Opcode Fuzzy Hash: fcd6dac6a765cb05053f4bfe7cd39cb166bae5586e68d4d28e2f2c7c25a5bf2f
                                                                • Instruction Fuzzy Hash: D95132B5A08A4282EBB49F19A82C67963A1BB45FD5F454031CF5D4BB58DF3CE446C704

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                • API String ID: 2779586248-3767186838
                                                                • Opcode ID: db8201a799e0baeb7e7da45e6d94f051912b60767bec020adcc90b3d0adbc0ec
                                                                • Instruction ID: 0cccc697a41561ae2a3e891ffb806156b2d7e7827d165d0c08a1602888e13d7e
                                                                • Opcode Fuzzy Hash: db8201a799e0baeb7e7da45e6d94f051912b60767bec020adcc90b3d0adbc0ec
                                                                • Instruction Fuzzy Hash: 08516B62B1968282EB50DB29D4953BD23A1EF85BC4F544031DB4D4B7E6DF3CE9838718

                                                                Control-flow Graph

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug$ErrorLastO_ctrlO_readO_test_flagsmemmove
                                                                • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
                                                                • API String ID: 3874383451-4226281315
                                                                • Opcode ID: b49a1a3092a1666878fcf2a6f1a6b22ad798a3b357faedcaa6a675de5e77afac
                                                                • Instruction ID: 8838d111f878e4dec1504a933193c05ae8ac080c3fbff60d59e1b422b0e16bb2
                                                                • Opcode Fuzzy Hash: b49a1a3092a1666878fcf2a6f1a6b22ad798a3b357faedcaa6a675de5e77afac
                                                                • Instruction Fuzzy Hash: 67914A22B49686C6FF519B2AD8447B922A0EF48BD8F544236DF4C0BAD5DF38E447C308

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                • API String ID: 840049012-3497178890
                                                                • Opcode ID: 5bbcd2a5d69c673e1a924a8e579b82d780a6b9d926f88ab32955420af60ae12e
                                                                • Instruction ID: 07fa5c2ae3ade51ee55d144f5f55c2b0031b820dca9ee26c0f16a8f322b93139
                                                                • Opcode Fuzzy Hash: 5bbcd2a5d69c673e1a924a8e579b82d780a6b9d926f88ab32955420af60ae12e
                                                                • Instruction Fuzzy Hash: 7371D931A08A4AC9EB50FB54D4B03B9A360EB45F80F804233D54DCB755DEBCE1468762

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                • API String ID: 0-3323778802
                                                                • Opcode ID: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
                                                                • Instruction ID: 6ed8f202ea00dc5867742fdc1b10249feaf07d92eedce7854d2ecb4de7d15f54
                                                                • Opcode Fuzzy Hash: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
                                                                • Instruction Fuzzy Hash: 1D918A62A0964786EF109F28D8543B927A1EB91BD8F584136DB0D4B7E6DF3CE647C308

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Unicode_$FromInternPlaceSizeString
                                                                • String ID:
                                                                • API String ID: 2745024575-0
                                                                • Opcode ID: 091893d1f0e79c71c802a693a5176002506af28f025ec817263c4d69333cf0a2
                                                                • Instruction ID: 39b9f7ef707d9d8fe1f2cd20b99b6a38ff188595484f707bfb8e96597de9f092
                                                                • Opcode Fuzzy Hash: 091893d1f0e79c71c802a693a5176002506af28f025ec817263c4d69333cf0a2
                                                                • Instruction Fuzzy Hash: 5271D8B9D0AA0286FBE5AF2CB96C13433E4AF48BD6F144834C76D41A54DF2DB5478B18

                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug
                                                                • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                • API String ID: 193678381-552286378
                                                                • Opcode ID: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                • Instruction ID: 35ee0b964a3621a9d1483c2addbc38d8a070f6818a6c0f51d81fe02014fa5256
                                                                • Opcode Fuzzy Hash: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                • Instruction Fuzzy Hash: A3A16922A4868386EB609F29D4543BD23A0EB91BD8F480136DB4D476E5DF3DEA47C708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173879135.00007FF8B8F71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8f70000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Arg_KeywordsObject_SizeTrueUnicode_Unpack
                                                                • String ID: argument 'txt'$embedded null character$str$txt2obj
                                                                • API String ID: 3371007025-2001486153
                                                                • Opcode ID: e8ce7c660efa3040c30a1db54354426bbf27a23a7f35393858fb19190b2c85a0
                                                                • Instruction ID: 4167bca9f190cadbb407840fe03fba445a99e32f2111733292b8bfb6a5904e83
                                                                • Opcode Fuzzy Hash: e8ce7c660efa3040c30a1db54354426bbf27a23a7f35393858fb19190b2c85a0
                                                                • Instruction Fuzzy Hash: EC31AB3AA08E4295FA609F19E8502B96B60FB84BD2F844131CB5E47799DF3CD48BC708
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                • API String ID: 2050909247-3659356012
                                                                • Opcode ID: 077e8b14b07a7cc32ad649ba2a3e64b58fc62f6872d1ece476a4769d3685b742
                                                                • Instruction ID: 7f618cc36fcf15e4feaecf71b6cbd78a1b9a007a339bda92ffc41a6e37164398
                                                                • Opcode Fuzzy Hash: 077e8b14b07a7cc32ad649ba2a3e64b58fc62f6872d1ece476a4769d3685b742
                                                                • Instruction Fuzzy Hash: F041A621B0895A81EE20FB55A8A07B6E360EF04FD0FC44133DE4D8BB55EEBCE4468712
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CurrentProcess
                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                • API String ID: 2050909247-2813020118
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173879135.00007FF8B8F71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8f70000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Arg_$CheckErr_KeywordsLong_ModuleModule_OccurredPositionalStateType_
                                                                • String ID: _SSLContext
                                                                • API String ID: 3264916389-1468230856
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: R_newR_set_debug
                                                                • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                • API String ID: 193678381-2714770296
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                • API String ID: 2134390360-2964568172
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,00007FF7E5D626F4), ref: 00007FF7E5D625D1
                                                                  • Part of subcall function 00007FF7E5D61ED0: GetLastError.KERNEL32 ref: 00007FF7E5D61EEC
                                                                  • Part of subcall function 00007FF7E5D61ED0: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E5D625EE,?,00007FF7E5D626F4), ref: 00007FF7E5D61F56
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileFormatLastMessageModuleName
                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                • API String ID: 1234058594-2863816727
                                                                APIs
                                                                • OBJ_txt2obj.LIBCRYPTO-3 ref: 00007FF8B8F71DC0
                                                                • PyModule_GetState.PYTHON312 ref: 00007FF8B8F71DD5
                                                                  • Part of subcall function 00007FF8B8F71E08: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FF8B8F71DE6), ref: 00007FF8B8F71E2A
                                                                  • Part of subcall function 00007FF8B8F71E08: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FF8B8F71DE6), ref: 00007FF8B8F71E3C
                                                                  • Part of subcall function 00007FF8B8F71E08: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FF8B8F71DE6), ref: 00007FF8B8F71E47
                                                                  • Part of subcall function 00007FF8B8F71E08: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FF8B8F71DE6), ref: 00007FF8B8F71E75
                                                                • ASN1_OBJECT_free.LIBCRYPTO-3 ref: 00007FF8B8F71DEC
                                                                • PyErr_Format.PYTHON312 ref: 00007FF8B8F73862
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173879135.00007FF8B8F71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8f70000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: BuildErr_FormatJ_nid2lnJ_nid2snJ_obj2nidJ_txt2objModule_SizeStateT_freeValue_
                                                                • String ID: unknown object '%.100s'
                                                                • API String ID: 2376969911-3113687063
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174014272.00007FF8B9061000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9060000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b9060000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Import$Capsule_DeallocImport_Module
                                                                • String ID: charset_normalizer.md__mypyc$charset_normalizer.md__mypyc.init_charset_normalizer___md
                                                                • API String ID: 1394619730-824592145
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169343526.00007FF8B7E01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF8B7E00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7e00000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast
                                                                • String ID:
                                                                • API String ID: 1452528299-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _get_daylight$_isindst
                                                                • String ID:
                                                                • API String ID: 4170891091-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                • String ID:
                                                                • API String ID: 2780335769-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 1279662727-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169343526.00007FF8B7E01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF8B7E00000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7e00000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorLast
                                                                • String ID:
                                                                • API String ID: 1452528299-0
                                                                • Opcode ID: 500a536d6c844823ace2e23cf9f0573e36f43f6c55640cbb5d5c94bcb2d445f8
                                                                • Instruction ID: ca6e49e9ad944b609336e54f58948d80584389c7a751abcd2324dbccaefcacab
                                                                • Opcode Fuzzy Hash: 500a536d6c844823ace2e23cf9f0573e36f43f6c55640cbb5d5c94bcb2d445f8
                                                                • Instruction Fuzzy Hash: E0216D20A0DB0346FA98AB6CA9A617D62955F44FE4F140A38D73E577F6EE2CB805C710
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: J_nid2snR_fetchR_pop_to_markR_set_mark
                                                                • String ID:
                                                                • API String ID: 2772354928-0
                                                                • Opcode ID: 9d6a64450acf58a63a50e4c19100a97fdf4d2fc7c8484d09c1bb12015f6b24b3
                                                                • Instruction ID: d0b3f9443f89d85bb56d78be15410f8b976c691669c7cee24decdac4f417a3a9
                                                                • Opcode Fuzzy Hash: 9d6a64450acf58a63a50e4c19100a97fdf4d2fc7c8484d09c1bb12015f6b24b3
                                                                • Instruction Fuzzy Hash: FFF03011B0978141EE44B76A69811BD95519F99BC0F085438FF4D57BEBDF3CE5434608
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173879135.00007FF8B8F71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                • Associated: 00000003.00000002.2173859317.00007FF8B8F70000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173899433.00007FF8B8F7D000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173922137.00007FF8B8F90000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173941068.00007FF8B8F91000.00000008.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173959324.00007FF8B8F97000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173978125.00007FF8B8F99000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8f70000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Eval_Thread$FreeMem_O_free_allObject_RestoreSaveTrackX_free
                                                                • String ID:
                                                                • API String ID: 3459953665-0
                                                                • Opcode ID: 18b80c608f07c00e641e9ef01e57d6251f686d03cb591226dae76ac8af8e4881
                                                                • Instruction ID: 1710ef8f2f864aa890690832a55a6a1896a76468dbd704b2e8d11ace96e052dc
                                                                • Opcode Fuzzy Hash: 18b80c608f07c00e641e9ef01e57d6251f686d03cb591226dae76ac8af8e4881
                                                                • Instruction Fuzzy Hash: ECF0B73AA09E4281FB04AF2AE9441786760EB89FD6F485031DB1E06369DF38D4A6C304
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169343526.00007FF8B7E01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF8B7E00000, based on PE: true
                                                                • Associated: 00000003.00000002.2169321575.00007FF8B7E00000.00000002.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169448185.00007FF8B7EB1000.00000002.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169483594.00007FF8B7EE9000.00000004.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169506454.00007FF8B7EEC000.00000002.00000001.01000000.00000004.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7e00000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: FileHandleType
                                                                • String ID: @
                                                                • API String ID: 3000768030-2766056989
                                                                • Opcode ID: 10c4fa39cb729f91123b6bf367b60b64fb3467f7e4e6d2d3a76a5de364945ac9
                                                                • Instruction ID: 9ec903ad32084451927f5fb50bb693f10858364012d7afe7f07e59bc183ae37b
                                                                • Opcode Fuzzy Hash: 10c4fa39cb729f91123b6bf367b60b64fb3467f7e4e6d2d3a76a5de364945ac9
                                                                • Instruction Fuzzy Hash: 56218222A08B4281EB608B2D949123D2A54EF99FB4F651335D7AF177F4CF3DD881D281
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastM_freeR_clear_error
                                                                • String ID:
                                                                • API String ID: 1231514297-0
                                                                • Opcode ID: ce68793f5ed94765da0cf06069d6cda8a1f14ed55aa43607596081dc107df58f
                                                                • Instruction ID: c47aedc5736e0bf378985a74f7070bca6da9a2811d0cbb6b964a4012c31c4bf8
                                                                • Opcode Fuzzy Hash: ce68793f5ed94765da0cf06069d6cda8a1f14ed55aa43607596081dc107df58f
                                                                • Instruction Fuzzy Hash: 7231AE72A486438AFB649E29948127D27B0FF60BE4F5C4435DF49426C6DF38EA83C748
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorLastM_freeR_clear_error
                                                                • String ID:
                                                                • API String ID: 1231514297-0
                                                                • Opcode ID: 30f5a756a2453722bd5fc7c60f00636787785f570310c9cdf96fb774af82a049
                                                                • Instruction ID: 5a3629bcb56c17b2e61e5ca0a39fec328fe63faa42f9992ba9dd318b9604b7db
                                                                • Opcode Fuzzy Hash: 30f5a756a2453722bd5fc7c60f00636787785f570310c9cdf96fb774af82a049
                                                                • Instruction Fuzzy Hash: 4B318132B4924389FF64AE29944027D23A1FF60BE4F2C4431DF49466C5CF38EA838748
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: 2c24119f787965044d627fb85e1f935b4d689670476c95a23688f33a408cf2b4
                                                                • Instruction ID: 8738c7caec70a2ce43ecf0ac8f8c8e9f8d601cc13cc7dfb246650bfd4ff8fdb3
                                                                • Opcode Fuzzy Hash: 2c24119f787965044d627fb85e1f935b4d689670476c95a23688f33a408cf2b4
                                                                • Instruction Fuzzy Hash: 9DD06711B09A0A82EA54FB7158E527893519F48F41F90143AC90E9A7A3DD3DA44D4322
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc
                                                                • String ID: <module>
                                                                • API String ID: 3617616757-217463007
                                                                • Opcode ID: 3d0b5fe31bdceefd0d16471987016516823057e139ed2a49c540c935358a7bd8
                                                                • Instruction ID: 3e8cafcb2950519cf78992ef36e6cbfa6f8a23f6a9acb4d4add8c0bcdf269608
                                                                • Opcode Fuzzy Hash: 3d0b5fe31bdceefd0d16471987016516823057e139ed2a49c540c935358a7bd8
                                                                • Instruction Fuzzy Hash: 64F030E6E0A61782FBA59F1DA83817423506F447D2F804035DF2E07660DF2CB5438708
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 6bf03d38dba950430044e224e6de6b096b3435415f1f736879eee21a3c0d5c6e
                                                                • Instruction ID: 36e9fc17dbc5c8a8a14236c195034bd1519fd7f3e2a804523b7263f780c0c2d8
                                                                • Opcode Fuzzy Hash: 6bf03d38dba950430044e224e6de6b096b3435415f1f736879eee21a3c0d5c6e
                                                                • Instruction Fuzzy Hash: 4C511B61A09A4985FA64EA25D4A077BE395FF84FA4F844733DD6C873C5CE7CE4028623
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 1236291503-0
                                                                • Opcode ID: 59deef07c40312847f55d6def9df2cc1f37e1ab7e24cf60098a74783f5463ac3
                                                                • Instruction ID: bb06c77d0b068aae47c222dec58b1ee92c332d2b7d1ebfd99fb31e2d717bf95d
                                                                • Opcode Fuzzy Hash: 59deef07c40312847f55d6def9df2cc1f37e1ab7e24cf60098a74783f5463ac3
                                                                • Instruction Fuzzy Hash: 84310C21A0890A41FA10FB6594F13B99391AF45F84FC40237EA0DCB697DEBDE4068733
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: FileHandleType
                                                                • String ID:
                                                                • API String ID: 3000768030-0
                                                                • Opcode ID: 3071b830118634cb40028611ceeffb06fc3458eceab3432db34a7b9b2b67f05b
                                                                • Instruction ID: 20d7e1fcdb42c568aebb9b76a4652e811f424277b428323c85735526b3a6bfc8
                                                                • Opcode Fuzzy Hash: 3071b830118634cb40028611ceeffb06fc3458eceab3432db34a7b9b2b67f05b
                                                                • Instruction Fuzzy Hash: B8318622A18B4A85DB64DB1495E4278A750FB45FB0BA4133ADB6F973F0CF39E461C312
                                                                APIs
                                                                • FindCloseChangeNotification.KERNEL32(?,?,?,00007FF7E5D7A9ED,?,?,00000000,00007FF7E5D7AAA2), ref: 00007FF7E5D7ABDE
                                                                • GetLastError.KERNEL32(?,?,?,00007FF7E5D7A9ED,?,?,00000000,00007FF7E5D7AAA2), ref: 00007FF7E5D7ABE8
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ChangeCloseErrorFindLastNotification
                                                                • String ID:
                                                                • API String ID: 1687624791-0
                                                                • Opcode ID: 8421e8a4af99ada878c6549736f5471f2f7f62c165e76de116515189c6a53e17
                                                                • Instruction ID: bb38d8d9627652b323903c953e6964eb6a845ee33388cb88f18b2e7f4fc491c5
                                                                • Opcode Fuzzy Hash: 8421e8a4af99ada878c6549736f5471f2f7f62c165e76de116515189c6a53e17
                                                                • Instruction Fuzzy Hash: 75218021B1864A41EE50F71595E03BD93829F44FA0F884277EA1FC63D6DE7CA4408322
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF8B7E4D82A,?,?,?,00007FF8B7E47AE1,?,?,?,?,00007FF8B7E05036,?,?,?), ref: 00007FF8B7E0E088
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169343526.00007FF8B7E01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF8B7E00000, based on PE: true
                                                                • Associated: 00000003.00000002.2169321575.00007FF8B7E00000.00000002.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169448185.00007FF8B7EB1000.00000002.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169483594.00007FF8B7EE9000.00000004.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169506454.00007FF8B7EEC000.00000002.00000001.01000000.00000004.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7e00000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: 1615ab53de4aabf0c0b3efcd15b96cedb5e4b59eb6f957d50f43ffb1f4246435
                                                                • Instruction ID: 6f63c9517ea11e85149613c8c53a9a47e9eae4d23238ade17edca7798b247680
                                                                • Opcode Fuzzy Hash: 1615ab53de4aabf0c0b3efcd15b96cedb5e4b59eb6f957d50f43ffb1f4246435
                                                                • Instruction Fuzzy Hash: FD11A060B1D70399FAA59B2EE84167E2740AF85FE0F485A34CB1E477F1DE2CE4018310
                                                                APIs
                                                                • SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF7E5D7C224,?,?,?,00000000,?,00007FF7E5D7C32D), ref: 00007FF7E5D7C284
                                                                • GetLastError.KERNEL32(?,?,?,?,?,00007FF7E5D7C224,?,?,?,00000000,?,00007FF7E5D7C32D), ref: 00007FF7E5D7C28E
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ErrorFileLastPointer
                                                                • String ID:
                                                                • API String ID: 2976181284-0
                                                                • Opcode ID: 7c3c9af7b0c3ba882c1d4f7bd1684166dd02ec46220af4d411bd6b8cca88beee
                                                                • Instruction ID: ab790ea5212036ddf3ff685b11882b1f518d11cc284b7d035df233ff9b72e31b
                                                                • Opcode Fuzzy Hash: 7c3c9af7b0c3ba882c1d4f7bd1684166dd02ec46220af4d411bd6b8cca88beee
                                                                • Instruction Fuzzy Hash: 12110421708B4585DA10EB65A890269B361AB45FF0F944332EF7E8B7F9CE3CD0548301
                                                                APIs
                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E5D75905), ref: 00007FF7E5D75A23
                                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E5D75905), ref: 00007FF7E5D75A39
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Time$System$FileLocalSpecific
                                                                • String ID:
                                                                • API String ID: 1707611234-0
                                                                • Opcode ID: 24756dbb2e9daa31db72e7dcf0b088d8d1bf88fd8db7438d69b0fd56222304ee
                                                                • Instruction ID: 88a2b113beec132d9060e1ae12630e8ecbdceb0f929e1016bbaa4f34e4db20fb
                                                                • Opcode Fuzzy Hash: 24756dbb2e9daa31db72e7dcf0b088d8d1bf88fd8db7438d69b0fd56222304ee
                                                                • Instruction Fuzzy Hash: 0B11C43160CA47C2EA50EB50A4A123BF3A0FB80B64F900237E69DC59E4EF7CE014CB11
                                                                APIs
                                                                • EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF8B7E074CD
                                                                  • Part of subcall function 00007FF8B7E061AC: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8B7E06113), ref: 00007FF8B7E061D8
                                                                  • Part of subcall function 00007FF8B7E061AC: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF8B7E06113), ref: 00007FF8B7E0622D
                                                                • LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF8B7E074F3
                                                                  • Part of subcall function 00007FF8B7E0624C: GetStartupInfoW.API-MS-WIN-CORE-PROCESSTHREADS-L1-1-0 ref: 00007FF8B7E0626C
                                                                  • Part of subcall function 00007FF8B7E062A0: GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF8B7E062FC
                                                                  • Part of subcall function 00007FF8B7E062A0: GetFileType.KERNEL32 ref: 00007FF8B7E06312
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169343526.00007FF8B7E01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF8B7E00000, based on PE: true
                                                                • Associated: 00000003.00000002.2169321575.00007FF8B7E00000.00000002.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169448185.00007FF8B7EB1000.00000002.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169483594.00007FF8B7EE9000.00000004.00000001.01000000.00000004.sdmp
                                                                • Associated: 00000003.00000002.2169506454.00007FF8B7EEC000.00000002.00000001.01000000.00000004.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7e00000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$FileHandleInfoStartupType
                                                                • String ID:
                                                                • API String ID: 2762830733-0
                                                                • Opcode ID: c868589744674d6913eb51937418dee57fcc5d1debfb9aa775668d33186eab68
                                                                • Instruction ID: 2c80d66dc9ca392ead2ca7b0d239aabcccae3b634acc54f6c9953c4f147da3b9
                                                                • Opcode Fuzzy Hash: c868589744674d6913eb51937418dee57fcc5d1debfb9aa775668d33186eab68
                                                                • Instruction Fuzzy Hash: D4E01260E1970396FA55ABB998931BD27249F65FD1F940430D72F812B2DF2DB4898331
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 23e1e69210e6edff46c1a20a99ff15067d5ab76a9899098d0cc9a0d673f9d892
                                                                • Instruction ID: e649007bf089f39f780ecdc6575de7680b3a64027ecc315f4919987ca4c2fc40
                                                                • Opcode Fuzzy Hash: 23e1e69210e6edff46c1a20a99ff15067d5ab76a9899098d0cc9a0d673f9d892
                                                                • Instruction Fuzzy Hash: 7F41A23290820947EA34EB19E5A0379F7A0EB55F84F900132E79EC7691DF7DE4428B62
                                                                APIs
                                                                • BUF_MEM_grow_clean.LIBCRYPTO-3(?,?,?,?,-00000031,?,00007FF8B804E9A4), ref: 00007FF8B804E3D7
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: M_grow_clean
                                                                • String ID:
                                                                • API String ID: 964628749-0
                                                                • Opcode ID: ff409e93fcb0d36c1aaad829d7e6a47c84e60de949b34c47c74b208e88b9b461
                                                                • Instruction ID: d8dbba95050a3801df7bde3629f100758063d75c6997144dfc9b205624ec6e59
                                                                • Opcode Fuzzy Hash: ff409e93fcb0d36c1aaad829d7e6a47c84e60de949b34c47c74b208e88b9b461
                                                                • Instruction Fuzzy Hash: 4C415862A4968786EF249F29D55437927A1EB90BE8F0C8235CB4D077D8DF38E9438708
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _fread_nolock
                                                                • String ID:
                                                                • API String ID: 840049012-0
                                                                • Opcode ID: 7216689617feb61d33e57569e3dc3bdfa95d4bc45a68d70d8a0bb8748856956d
                                                                • Instruction ID: b44e74e4cdd5e6167fef009561d08621196f67ab34df33db47234438e10d1f6c
                                                                • Opcode Fuzzy Hash: 7216689617feb61d33e57569e3dc3bdfa95d4bc45a68d70d8a0bb8748856956d
                                                                • Instruction Fuzzy Hash: D321F515B08A9545FA10FB1264A03B6D655BF45FD4FCC5132DD0CCB786CEBCE002C211
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: cf7c005c1e31e7ea229f5223e293a291a449fd9923c8bf07186dd3c48721cc09
                                                                • Instruction ID: 060e359b53ea74a89029151b7caba7d62548b4faa1025cee738e813131d9a72e
                                                                • Opcode Fuzzy Hash: cf7c005c1e31e7ea229f5223e293a291a449fd9923c8bf07186dd3c48721cc09
                                                                • Instruction Fuzzy Hash: 4B314B31A18A1A85F651FB15C8E137DA7A0AB84F95FC10137E95D833D2EEBCE4418732
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173879135.00007FF8B8F71000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8B8F70000, based on PE: true
                                                                • Associated: 00000003.00000002.2173859317.00007FF8B8F70000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173899433.00007FF8B8F7D000.00000002.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173922137.00007FF8B8F90000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173941068.00007FF8B8F91000.00000008.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173959324.00007FF8B8F97000.00000004.00000001.01000000.00000009.sdmp
                                                                • Associated: 00000003.00000002.2173978125.00007FF8B8F99000.00000002.00000001.01000000.00000009.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8f70000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Arg_KeywordsUnpack
                                                                • String ID:
                                                                • API String ID: 1409375599-0
                                                                • Opcode ID: 4f70251f1997f56840d150c754dbca9097f8bb8d4c3a8e005e7515773daa2ba7
                                                                • Instruction ID: 800e273401185d1bedc27e49271d18608ca141d8e167aaed5270e283681d7f32
                                                                • Opcode Fuzzy Hash: 4f70251f1997f56840d150c754dbca9097f8bb8d4c3a8e005e7515773daa2ba7
                                                                • Instruction Fuzzy Hash: DB21BF7AB19F9285FA52CF4AA8009696BA4FB08BC6F850032DF4C17764DF7CE412C708
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: O_ctrl
                                                                • String ID:
                                                                • API String ID: 3605655398-0
                                                                • Opcode ID: f7c6bf918bb27fd1467e601db5dcc4726319ecb0557afeb55f8d086d6d4849ab
                                                                • Instruction ID: 6d59bc65e5386a412a741db91220e4d59c0737f5e1f12823e1b6a83fbba24211
                                                                • Opcode Fuzzy Hash: f7c6bf918bb27fd1467e601db5dcc4726319ecb0557afeb55f8d086d6d4849ab
                                                                • Instruction Fuzzy Hash: 76316B32609B8586EB508F25E440BDE7760FB85BC8F484136EF8D4BB99CF78D5468B05
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                • String ID:
                                                                • API String ID: 3947729631-0
                                                                • Opcode ID: 7cdee7fffdefcbc5027b0452851aa9c5becd2890f0ec4c7d98fb6386710e4df3
                                                                • Instruction ID: 53dd3645560323c07f38c5bbd90eef94d996653e450535415b903c7754004667
                                                                • Opcode Fuzzy Hash: 7cdee7fffdefcbc5027b0452851aa9c5becd2890f0ec4c7d98fb6386710e4df3
                                                                • Instruction Fuzzy Hash: F521BC32E16A4A8AEB20EF64D0903FC33A0EB44B18F840636D71C86BC5DF38E544C761
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 0c710f33dd0e263908a6af9c5a326f17bec47833feda8bc3952fb7c3f2c9ef99
                                                                • Instruction ID: acab20d629447e40b6fc36418a9e07e146ab3954db447a62e2800b8356d25f80
                                                                • Opcode Fuzzy Hash: 0c710f33dd0e263908a6af9c5a326f17bec47833feda8bc3952fb7c3f2c9ef99
                                                                • Instruction Fuzzy Hash: 26113B22A0864A82EA61FF51D4A037DE764AF85F84FD44436EB4CD7A96DF7CD4408723
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 371a19b6cbb4e76029cb4c6dd0e3fb09161d29462ff652c7a237cc4efd58c973
                                                                • Instruction ID: 5a16e5f50a988be2b83ceaa9f51f6c4cb6b1a99df5a56666b334ceedf7dc96f1
                                                                • Opcode Fuzzy Hash: 371a19b6cbb4e76029cb4c6dd0e3fb09161d29462ff652c7a237cc4efd58c973
                                                                • Instruction Fuzzy Hash: 99219532618A8586EB61EF28E490379B7A0EB94F64F944236E65DCB6D9DF3CD400CB11
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: _invalid_parameter_noinfo
                                                                • String ID:
                                                                • API String ID: 3215553584-0
                                                                • Opcode ID: 94cde1b0722b00ce3a89043d06a8f6ad091ac7731aa2d118b4c7a57a40d7012b
                                                                • Instruction ID: c437a6fe87a684590ccf9062512332648797e325ce58314c12a44863ab715e2a
                                                                • Opcode Fuzzy Hash: 94cde1b0722b00ce3a89043d06a8f6ad091ac7731aa2d118b4c7a57a40d7012b
                                                                • Instruction Fuzzy Hash: 4001E525A08B4941E900EB52985026AE7A5FF85FE0F884332EE6C97BD6DE7CD0028712
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(?,?,?,00007FF7E5D7D83D,?,?,?,00007FF7E5D7130F), ref: 00007FF7E5D7D912
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                 • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                • Opcode ID: ed43cc8fef10e4de0f6b38702312381f943abf623902b3a88b5f27f9598a1dfd
                                                                • Instruction ID: f33393a323d1d32bed2dea43ef79e6a35a63c48db595b0586744881d5e4690c1
                                                                • Opcode Fuzzy Hash: ed43cc8fef10e4de0f6b38702312381f943abf623902b3a88b5f27f9598a1dfd
                                                                • Instruction Fuzzy Hash: 7DF0D411A0D20E81FE54BBA158A137593845F48FA0FC84632DA2FCA2D2EF3CA4808232
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2169553619.00007FF8B7FF1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8B7FF0000, based on PE: true
                                                                 • Associated: 00000003.00000002.2169532124.00007FF8B7FF0000.00000002.00000001.01000000.0000000B.sdmp
                                                                 • Associated: 00000003.00000002.2169553619.00007FF8B8072000.00000020.00000001.01000000.0000000B.sdmp
                                                                 • Associated: 00000003.00000002.2169625335.00007FF8B8074000.00000002.00000001.01000000.0000000B.sdmp
                                                                 • Associated: 00000003.00000002.2169807307.00007FF8B809C000.00000004.00000001.01000000.0000000B.sdmp
                                                                 • Associated: 00000003.00000002.2170139722.00007FF8B80A1000.00000002.00000001.01000000.0000000B.sdmp
                                                                 • Associated: 00000003.00000002.2170139722.00007FF8B80A7000.00000002.00000001.01000000.0000000B.sdmp
                                                                 • Associated: 00000003.00000002.2170139722.00007FF8B80AF000.00000002.00000001.01000000.0000000B.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b7ff0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: O_ctrl
                                                                • String ID:
                                                                • API String ID: 3605655398-0
                                                                • Opcode ID: bfe36b7522bdb383b583256963e0cb7d483da4068be122a2aa8aa4264da1dd87
                                                                • Instruction ID: 492777270081b81db3f8a93cecb0bb9ca4318f4fea9ff0fe3d13e4bb873545dc
                                                                • Opcode Fuzzy Hash: bfe36b7522bdb383b583256963e0cb7d483da4068be122a2aa8aa4264da1dd87
                                                                • Instruction Fuzzy Hash: 47E048B2F4510246FB10576D9446B6812A0EF58794F581030DB0D8A7C3EBBDE9D38A08
                                                                APIs
                                                                • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7E5D6B540
                                                                  • Part of subcall function 00007FF7E5D6BF68: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF7E5D6BF70
                                                                  • Part of subcall function 00007FF7E5D6BF68: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF7E5D6BF75
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                 • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                • String ID:
                                                                • API String ID: 1208906642-0
                                                                • Opcode ID: 42f905f2e02464d1f18fe0bfc90ee21d32569e03344996040c3241f949aa798e
                                                                • Instruction ID: 4a1ba82924cbf903f4ed39b5ecf66fb5eb69ddb59fdb2b815cc36457744e5213
                                                                • Opcode Fuzzy Hash: 42f905f2e02464d1f18fe0bfc90ee21d32569e03344996040c3241f949aa798e
                                                                • Instruction Fuzzy Hash: E8E07E70D09A4B85FE64B66115F23F982401F21B04EC412BBE84DC61A3ADAEA4471633
                                                                APIs
                                                                  • Part of subcall function 00007FF7E5D67AA0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7E5D631F4,00000000,00007FF7E5D61905), ref: 00007FF7E5D67AD9
                                                                • LoadLibraryW.KERNEL32(?,00007FF7E5D64E86,?,00007FF7E5D6224E), ref: 00007FF7E5D674A2
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2166711767.00007FF7E5D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E5D60000, based on PE: true
                                                                 • Associated: 00000003.00000002.2166666805.00007FF7E5D60000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166739478.00007FF7E5D8C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166764970.00007FF7E5D9F000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166764970.00007FF7E5DA4000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000003.00000002.2166803328.00007FF7E5DA7000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff7e5d60000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ByteCharLibraryLoadMultiWide
                                                                • String ID:
                                                                • API String ID: 2592636585-0
                                                                • Opcode ID: 306e0b7f68d1bf48911d9a5e828091665b68987f1fa19b16ae1329a1af92c6f2
                                                                • Instruction ID: 1834ce427fac4956876bb98a554dd42f443836eac8f2d7c081c0f00c3659d91a
                                                                • Opcode Fuzzy Hash: 306e0b7f68d1bf48911d9a5e828091665b68987f1fa19b16ae1329a1af92c6f2
                                                                • Instruction Fuzzy Hash: 2AD0C201F2464A41EA44F76BBA96639A2519FC9FD0FC8D036EE0E87B56DC3CC0810B00
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                 • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_LongLong_$Arg_Buffer_$ArgumentOccurredUnsigned$BufferContiguousE_scryptEval_Object_ReleaseStringThread$Bytes_FormatFromKeywordsRestoreSaveSizeUnpack
                                                                • String ID: @$Invalid parameter combination for n, r, p, maxmem.$argument 'n'$argument 'p'$argument 'password'$argument 'r'$argument 'salt'$contiguous buffer$dklen must be greater than 0 and smaller than %d$int$maxmem must be positive and smaller than %d$n is required and must be an unsigned int$n must be a power of 2.$p is required and must be an unsigned int$password is too long.$r is required and must be an unsigned int$salt is required$salt is too long.$scrypt
                                                                • API String ID: 756542180-2474027488
                                                                • Opcode ID: ce52e687de3379b197ac10c5f43fb21e19eb27817606f383836dadd5c04fb4b2
                                                                • Instruction ID: 726d809799f8073302c341639b3808b240ec987455d28a32cf550085cb0fe31f
                                                                • Opcode Fuzzy Hash: ce52e687de3379b197ac10c5f43fb21e19eb27817606f383836dadd5c04fb4b2
                                                                • Instruction Fuzzy Hash: 1DF11925A08FC281EA548F69E8842BA63B0FF48BD5F54A135EF4E476A4DF3CE54D9340
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                 • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$BufferBuffer_D_fetchErr_Eval_ReleaseStringThread$CheckD_freeD_get_flagsD_up_refDeallocDigestInit_exPy_hashtable_getRestoreSaveX_new
                                                                • String ID: -fips$Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required$unsupported hash type %s
                                                                • API String ID: 4208293270-2451375418
                                                                • Opcode ID: 12aebaf60a2722ffa0df6d129a57d2c9aa7bff5e9fff1e8fcc399d5b5b6b9104
                                                                • Instruction ID: cd71543e179eb97d07c9dd5490d1c51f9f9913eeba64f4232daeafe48de08a87
                                                                • Opcode Fuzzy Hash: 12aebaf60a2722ffa0df6d129a57d2c9aa7bff5e9fff1e8fcc399d5b5b6b9104
                                                                • Instruction Fuzzy Hash: 45914D62A09FC282EA649F69A54427B63B4BF5DBD5F14B131EF4E026A0DF2DE45C9300
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174014272.00007FF8B9061000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9060000, based on PE: true
                                                                 • Associated: 00000003.00000002.2173996919.00007FF8B9060000.00000002.00000001.01000000.0000000E.sdmp
                                                                 • Associated: 00000003.00000002.2174033510.00007FF8B9062000.00000002.00000001.01000000.0000000E.sdmp
                                                                 • Associated: 00000003.00000002.2174052648.00007FF8B9064000.00000002.00000001.01000000.0000000E.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b9060000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: d2fc5c816bc886ec48474e1f3de92b9dad2b167a0f664e979cdb826d70fdf180
                                                                • Instruction ID: dd900f95fc774ebebf4ab518e844f4cdbf18ebf4992d46ee01f804e0eb0b9d18
                                                                • Opcode Fuzzy Hash: d2fc5c816bc886ec48474e1f3de92b9dad2b167a0f664e979cdb826d70fdf180
                                                                • Instruction Fuzzy Hash: 51312D72609AC18AEBA0DF68E8503ED7361FB84784F44443ADB4D87A95DF38D649C710
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                 • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                 • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                 • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                 • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: 163f402a1fb0e79306561b7d1351dc0227e06d1d27abfb67021ae25e867ac1b0
                                                                • Instruction ID: a49004d9288681a0ce1ba8210e8815904c562c5f7e57e547ffe8c45bf8069947
                                                                • Opcode Fuzzy Hash: 163f402a1fb0e79306561b7d1351dc0227e06d1d27abfb67021ae25e867ac1b0
                                                                • Instruction Fuzzy Hash: 1D3162B2604B8186EBA08F64E8643ED3360FB44785F404439DB5E47B98DF3CE649C704
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                 • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                 • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                 • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                 • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                 • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: 3d249a4d3ec741f06bccba3fca43a7136d5c4f0ed13e34deacf6695f45bbc58d
                                                                • Instruction ID: 2c7ba7c56294cdb018d441c877ca0a347bb3e29d73db44db1a06c0ec7be3d814
                                                                • Opcode Fuzzy Hash: 3d249a4d3ec741f06bccba3fca43a7136d5c4f0ed13e34deacf6695f45bbc58d
                                                                • Instruction Fuzzy Hash: ED313E72649B818AEB609F74E8903EE7360FB88784F44403ADB4E47B98DF38D549C714
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                 • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                • String ID:
                                                                • API String ID: 313767242-0
                                                                • Opcode ID: f6967d108f3b71c995da1153c54bfbbbd78574a52a3cc597769a049e7cdf8063
                                                                • Instruction ID: 05d6b8569c67bba877fe1a4ef056a473620c3610b527925e7b5a6ae696b01632
                                                                • Opcode Fuzzy Hash: f6967d108f3b71c995da1153c54bfbbbd78574a52a3cc597769a049e7cdf8063
                                                                • Instruction Fuzzy Hash: 49310A76609F818AEB609F64E8443EA7370FB88784F44543ADB4E47B98DF38D5488710
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                 • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                 • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: O_memcmp
                                                                • String ID:
                                                                • API String ID: 2788248766-0
                                                                • Opcode ID: f8e9c1bd40b32b5c2717bccf2345a97ef4fa6539e5d9bd7d0ddd4693da1b61dd
                                                                • Instruction ID: f56d906b5fbb97150cd3d0f453f9f4784f2d07b11c54afbb9279ed212809726a
                                                                • Opcode Fuzzy Hash: f8e9c1bd40b32b5c2717bccf2345a97ef4fa6539e5d9bd7d0ddd4693da1b61dd
                                                                • Instruction Fuzzy Hash: D9D0C252F1578943CE0CC7ABBE804A891529BACBD074D8035AE0E83B65C82CC8D04500
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                 • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                 • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                 • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                 • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: String$DeallocObject_$Attr$Err_Unicode_$CompareType_Withstrcmp$Clear$AllocCalculateCallDictFastFromGenericMetaclassReadyTrueVectorcall
                                                                • String ID: ABCMeta$GenericMeta$TypingMeta$_ProtocolMeta$__module__$__orig_bases__$__slots__$abc$mypyc classes can't have __slots__$mypyc classes can't have a metaclass$typing$typing_extensions
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                Similarity
                                                                • API ID: Module_$Constant$FromType$LongModuleSpecType_$Err_ExceptionLong_ObjectStateTuple_With
                                                                • String ID: CHECK_CRC32$CHECK_CRC64$CHECK_ID_MAX$CHECK_NONE$CHECK_SHA256$CHECK_UNKNOWN$Call to liblzma failed.$FILTER_ARM$FILTER_ARMTHUMB$FILTER_DELTA$FILTER_IA64$FILTER_LZMA1$FILTER_LZMA2$FILTER_POWERPC$FILTER_SPARC$FILTER_X86$FORMAT_ALONE$FORMAT_AUTO$FORMAT_RAW$FORMAT_XZ$MF_BT2$MF_BT3$MF_BT4$MF_HC3$MF_HC4$MODE_FAST$MODE_NORMAL$PRESET_DEFAULT$PRESET_EXTREME$_lzma.LZMAError
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_$Dict_Format$ItemString$DeallocErrorNextOccurredWith$EqualSliceTuple_Unicode_strchr
                                                                • String ID: %.200s%s missing required argument '%s' (pos %d)$%.200s%s missing required keyword-only argument '%s'$%.200s%s takes %s %d positional argument%s (%zd given)$%.200s%s takes at most %d %sargument%s (%zd given)$%.200s%s takes no positional arguments$'%U' is an invalid keyword argument for %.200s%s$argument for %.200s%s given by name ('%s') and position (%d)$at least$at most$exactly$function$keyword $keywords must be strings$this function
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_Format$DeallocDict_$ContainsItemSequence_Tuple_Unicode_
                                                                • String ID: %.200s%s missing required argument '%U' (pos %d)$%.200s%s missing required keyword-only argument '%U'$%.200s%s takes %s %d positional argument%s (%zd given)$%.200s%s takes at most %d %sargument%s (%zd given)$%.200s%s takes no positional arguments$'%S' is an invalid keyword argument for %.200s%s$argument for %.200s%s given by name ('%U') and position (%d)$at least$at most$exactly$function$keyword $this function
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$Err_$Object_Vectorcall$ChainCode_ContainsDict_EmptyErrorExceptions1FetchFormatFrame_FromItemLong_MethodNumber_ObjectOccurredSet_Ssize_tState_SubtypeThreadType_With
                                                                • String ID: bool$feed$set$str$str or None
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$Object_Vectorcall$Err_Method$ChainCode_EmptyExceptions1FetchFrame_FromLong_Number_Ssize_tState_Thread
                                                                • String ID: bool$feed$str
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$Object_$Vectorcall$CompareContainsErr_FormatFromLong_MethodNumber_RichSet_Ssize_tSubtypeType_
                                                                • String ID: bool$feed$set
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                Similarity
                                                                • API ID: Buffer_$Arg_BufferContiguousObject_Release$ArgumentErr_KeywordsLongLong_OccurredSizeUnicode_Unpack
                                                                • String ID: argument 'hash_name'$argument 'password'$argument 'salt'$contiguous buffer$embedded null character$pbkdf2_hmac$str
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: strchr
                                                                • String ID: %$Empty keyword parameter name$Empty parameter name after $$Invalid format string ($ before |)$Invalid format string ($ specified twice)$Invalid format string (@ specified twice)$Invalid format string (@ without preceding | and $)$Invalid format string (| specified twice)$More keyword list entries (%d) than format specifiers (%d)$more argument specifiers than keyword list entries (remaining format:'%s')
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                Similarity
                                                                • API ID: Arg_Bool_CheckFromLongPositional
                                                                • String ID: Buffer must be single dimension$compare_digest$comparing strings with non-ASCII characters is not supported$unsupported operand types(s) or combination of types: '%.100s' and '%.100s'
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                Similarity
                                                                • API ID: BufferBuffer_DigestErr_Eval_Object_ReleaseStringThreadUpdate$CheckRestoreSaveThread_acquire_lockThread_allocate_lockThread_release_lock
                                                                • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String$Eval_Thread$Bytes_D_freeD_get_sizeD_up_refDeallocFromLongLong_Module_OccurredPy_hashtable_getRestoreSaveSizeState
                                                                • String ID: iteration value must be greater than 0.$key length must be greater than 0.$password is too long.$salt is too long.
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                Similarity
                                                                • API ID: BufferBuffer_Err_Eval_Object_ReleaseStringThreadUpdate$CheckRestoreSaveThread_acquire_lockThread_allocate_lockThread_release_lock
                                                                • String ID: Buffer must be single dimension$Strings must be encoded before hashing$object supporting the buffer API required
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$Err_LongString$Bytes_FromLong_ModuleOccurredSizeStateThread_allocate_lockType_Unsigned
                                                                • String ID: Cannot specify filters except with FORMAT_RAW$Cannot specify memory limit with FORMAT_RAW$Invalid container format: %d$Must specify filters for FORMAT_RAW$Unable to allocate lock
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$LongMem_String$Arg_CallocClearDeallocExceptionFreeItemKeywords_Long_Mapping_MatchesOccurredParseSizeTupleUnsigned
                                                                • String ID: Invalid compression preset: %u$Invalid filter specifier for LZMA filter$preset$|OOO&O&O&O&O&O&O&O&
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_$DeallocDict_String$AttrDictFromItemObjectObject_Proxy_StateUnicode_strncmp
                                                                • String ID: _constructors$openssl_
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$List_$Object_$AppendAttrCallErr_FastLookupSliceStringTuple
                                                                • String ID: __mro_entries__ must return a tuple
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Arg_Buffer_$ArgumentBufferContiguousErr_IndexKeywordsLong_Number_Object_OccurredReleaseSsize_tUnpackmemset
                                                                • String ID: argument 'data'$contiguous buffer$decompress
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_$ArgumentBufferContiguousObject_Release$KeywordsUnpack
                                                                • String ID: argument 'key'$argument 'msg'$contiguous buffer$hmac_digest
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_$AttrDict_Object_String$ClearExceptionItemMatches
                                                                • String ID: __mypyc_attrs__$__mypyc_attrs__ is not a tuple
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$Format$R_clear_errorR_func_error_stringR_lib_error_stringR_peek_last_errorR_reason_error_stringString
                                                                • String ID: [%s: %s] %s$[%s] %s$no reason supplied
                                                                APIs
                                                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF8B8CD28DB), ref: 00007FF8B8CD3599
                                                                • fprintf.MSPDB140-MSVCRT ref: 00007FF8B8CD35A9
                                                                  • Part of subcall function 00007FF8B8CD1010: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF8B8CD1047
                                                                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF8B8CD28DB), ref: 00007FF8B8CD35B3
                                                                • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF8B8CD28DB), ref: 00007FF8B8CD35BC
                                                                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B8CD28DB), ref: 00007FF8B8CD35C2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: __acrt_iob_func$__stdio_common_vfprintfabortfflushfprintf
                                                                • String ID: %U%U%s$%U.%U$None$__module__$__qualname__$builtins$fatal: out of memory$tuple[<%d items>]
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_$Arg_FormatKeywords_ModuleParseSizeStateStringThread_allocate_lockTupleType_
                                                                • String ID: Cannot specify both preset and filter chain$Integrity checks are only supported by FORMAT_XZ$Invalid container format: %d$Unable to allocate lock$|iiOO:LZMACompressor
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String$Module_State
                                                                • String ID: Missing required parameter 'digestmod'.$key is too long.
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: AttrCapsule_DeallocObject_String$Create2Module_
                                                                • String ID: charset_normalizer.md__mypyc.exports$charset_normalizer.md__mypyc.init_charset_normalizer___md$exports$init_charset_normalizer___md
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$Bytes_D_get_sizeDigestErr_FinalFromMemoryRestoreSaveSizeStringThread_release_lockX_copyX_freeX_get0_mdX_new
                                                                • String ID:
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$D_get_sizeDigestErr_FinalMemoryPy_strhexRestoreSaveThread_release_lockX_copyX_freeX_get0_mdX_new
                                                                • String ID:
                                                                • API String ID: 2571855718-0
                                                                • Opcode ID: 063ef03bf0820d9e85f780c0ef791f972aa524f6cc3b90df4ec4125eeb5b1752
                                                                • Instruction ID: b06a0b30cea5fc1817dad1a0e7552939c19e34f5e7676049981ba8f1d71cff28
                                                                • Opcode Fuzzy Hash: 063ef03bf0820d9e85f780c0ef791f972aa524f6cc3b90df4ec4125eeb5b1752
                                                                • Instruction Fuzzy Hash: 9731F525A0CF8282EA249F2EA89417B63B1AF8CBD5F146431DF4F46765DE3CE44D8750
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Mem_$Free$X_free$Err_Memory$DigestFinalMallocPy_strhexX_copyX_new
                                                                • String ID:
                                                                • API String ID: 422439089-0
                                                                • Opcode ID: e0da23306885a1de4733d5368fe5ed6115112598769a1cef94bd8da4b7b6e5ba
                                                                • Instruction ID: 7cd9bedbcbbe431f25bbfd856b96394adee1efb40c95dac96c76e9aea7678122
                                                                • Opcode Fuzzy Hash: e0da23306885a1de4733d5368fe5ed6115112598769a1cef94bd8da4b7b6e5ba
                                                                • Instruction Fuzzy Hash: 5521A724B0DF8381EA54AF2BA95403B63B1AF9DFD1B486431EE4F46765DE2CE4498300
                                                                APIs
                                                                • PyMapping_Check.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30B81
                                                                • PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30B9B
                                                                • PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30BB0
                                                                • PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30BC7
                                                                • PyErr_ExceptionMatches.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30C40
                                                                • PyErr_Format.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30C89
                                                                • PyErr_SetString.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30CA2
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B35D3A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$LongMapping_String$CheckDeallocExceptionFormatItemLong_MatchesOccurredUnsigned
                                                                • String ID: Filter specifier must be a dict or dict-like object$Filter specifier must have an "id" entry$Invalid filter ID: %llu
                                                                • API String ID: 1881886752-3390802605
                                                                • Opcode ID: 0c5f6f5e7484fbb015a79b71ea40a48de156ee4d8636223415d5697c2780f545
                                                                • Instruction ID: 5d1294659d50533abd5034ad75df1c8483a9cdf7d4d6c3e56af8dd8f8ead65dc
                                                                • Opcode Fuzzy Hash: 0c5f6f5e7484fbb015a79b71ea40a48de156ee4d8636223415d5697c2780f545
                                                                • Instruction Fuzzy Hash: 8B41E771A88A03C5EE658F2DA89413973A4AF45BC5F448036CB8E46760EF7CE487C309
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Arg_Buffer_Long$ArgumentBufferCheckContiguousErr_Long_Module_Object_OccurredPositionalReleaseStateUnsignedfreememset
                                                                • String ID: _decode_filter_properties$argument 2$contiguous buffer
                                                                • API String ID: 3656606796-2431706548
                                                                • Opcode ID: 6ac779201fb040bc529056ec0a6a5a048fdef9ca7122a7e56471178991ab58fb
                                                                • Instruction ID: a326c6d54bb88eb439692db8b1a634afd9a79c6ad3096c46625d5ef52e08312c
                                                                • Opcode Fuzzy Hash: 6ac779201fb040bc529056ec0a6a5a048fdef9ca7122a7e56471178991ab58fb
                                                                • Instruction Fuzzy Hash: 4E317C21A48A46C2EA508F3AD8446A973A0FF98FC4F988131DB4D53764DF3CE94BC744
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_$Back_ChainCode_EmptyExceptions1FetchFrame_HereRestoreState_ThreadTrace
                                                                • String ID: charset_normalizer\md.py
                                                                • API String ID: 1599779757-1392889821
                                                                • Opcode ID: 929c761034df64e23572057a73fe2c5fab85c31af172243b9a7b6395f97a8051
                                                                • Instruction ID: 22f9ff6f77763b2c73f5004bdf9be0b024bad4dcd9a74fe411b18d26c4f04335
                                                                • Opcode Fuzzy Hash: 929c761034df64e23572057a73fe2c5fab85c31af172243b9a7b6395f97a8051
                                                                • Instruction Fuzzy Hash: A02121B6A08B4282DBA09F25E96816D77B0FB49BD5F444031DB5D07B68DF3CE946CB04
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$MemoryString
                                                                • String ID: Corrupt input data$Input format not supported by decoder$Insufficient buffer space$Internal error$Invalid or unsupported options$Memory usage limit exceeded$Unrecognized error from liblzma: %d$Unsupported integrity check
                                                                • API String ID: 60457842-2177155514
                                                                • Opcode ID: e667bd3184b1031ca586e5cabd8905ebea692642c7ea9d8a448339030e972199
                                                                • Instruction ID: 7c3897249cdb48efff0704a76239dc6b384240683140f19d3596f368e5a08d9c
                                                                • Opcode Fuzzy Hash: e667bd3184b1031ca586e5cabd8905ebea692642c7ea9d8a448339030e972199
                                                                • Instruction Fuzzy Hash: 27210725EAC61391FAA98B3C985807C1EA1AF557C1FE46031C71E429A49F6EF947C30D
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                • String ID:
                                                                • API String ID: 2819143443-0
                                                                • Opcode ID: 34ec5bebfffadac6be9bf9876dce8c975bd5e57f5d382802bd6aac2d38012139
                                                                • Instruction ID: 27133f22644721d459bc3e2f2f5c7c138d70f14c32bf91de1253955ee3eaddca
                                                                • Opcode Fuzzy Hash: 34ec5bebfffadac6be9bf9876dce8c975bd5e57f5d382802bd6aac2d38012139
                                                                • Instruction Fuzzy Hash: ED51ECB6908A4281EBB59F7CD46C77832A0AB44BB9F144334CB79426D4CF7DE886C784
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174014272.00007FF8B9061000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9060000, based on PE: true
                                                                • Associated: 00000003.00000002.2173996919.00007FF8B9060000.00000002.00000001.01000000.0000000E.sdmp
                                                                • Associated: 00000003.00000002.2174033510.00007FF8B9062000.00000002.00000001.01000000.0000000E.sdmp
                                                                • Associated: 00000003.00000002.2174052648.00007FF8B9064000.00000002.00000001.01000000.0000000E.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b9060000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 349153199-0
                                                                • Opcode ID: 5d72e879cf7946976a5814a50ab2a295b69da044195d469edd6d5210a35643fb
                                                                • Instruction ID: 2becc0ebc061150f4a4c5b9358cf37384dc7e2ff08470388fb4b75f0668f27aa
                                                                • Opcode Fuzzy Hash: 5d72e879cf7946976a5814a50ab2a295b69da044195d469edd6d5210a35643fb
                                                                • Instruction Fuzzy Hash: F7816921E0C2C386FE90EF6E94412B976A4AF95BC4F04C139EB4D87696DF7CE9479600
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 349153199-0
                                                                • Opcode ID: 96e2149260328018f2ee9c3f905d278b01a8d9e20d367414482ed3a890371b1c
                                                                • Instruction ID: 02d0ac0c05dcd9a306ba6bcf63332b86e9f32430e394d9dc57aeff5188e37016
                                                                • Opcode Fuzzy Hash: 96e2149260328018f2ee9c3f905d278b01a8d9e20d367414482ed3a890371b1c
                                                                • Instruction Fuzzy Hash: 72819FA1E0C64347F7D0AB7EA46927922A0AF857C2F448135EB2D47796DF2DF8478608
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Mem_$memcpy$Bytes_DeallocErr_FreeFromMallocNoneReallocSizeStringmemmove
                                                                • String ID:
                                                                • API String ID: 1220578264-0
                                                                • Opcode ID: 85adeaa55f33651ef0f232b94068ae9b2308325af99af7830eee87ddd8bfa38a
                                                                • Instruction ID: f95a55a95d60bad279d1298cbef68ee182b9ae9070195b6182713210fa535bae
                                                                • Opcode Fuzzy Hash: 85adeaa55f33651ef0f232b94068ae9b2308325af99af7830eee87ddd8bfa38a
                                                                • Instruction Fuzzy Hash: 3A516D22A19B4281EB64CF39A94023E67A5FB58FD5F584031CF4D177A8DF3CE4928309
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocFromLong_Ssize_t$BoolCompareErr_Object_OccurredRich
                                                                • String ID: __init__$charset_normalizer.md.CjkInvalidStopPlugin$ratio
                                                                • API String ID: 871640449-4126926341
                                                                • Opcode ID: 50dfb51dc545f733170bcd5f131fd8dec372b9381f754ea30373e4415d5ce4ea
                                                                • Instruction ID: 7305cfa290c300beb646a209bd73644fea797f5b7007d46e2f604c6471dd4b5e
                                                                • Opcode Fuzzy Hash: 50dfb51dc545f733170bcd5f131fd8dec372b9381f754ea30373e4415d5ce4ea
                                                                • Instruction Fuzzy Hash: B05173A1E0864643EBF46B2DA82827963A0AF44BD1F484131DB2D077A5DF7CF4438B58
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FromLong_Ssize_t$Err_ItemObject_Slice_String
                                                                • String ID: interpreted classes cannot inherit from compiled
                                                                • API String ID: 575668516-2110327174
                                                                • Opcode ID: 4e2baef39ba8fe060f07d6d6f0bced05c2d01185e87a098f7d4dafbc9954950d
                                                                • Instruction ID: bead73423021b58a63180ff45182afe3936e033e5b428e28410d8a01ca8953ac
                                                                • Opcode Fuzzy Hash: 4e2baef39ba8fe060f07d6d6f0bced05c2d01185e87a098f7d4dafbc9954950d
                                                                • Instruction Fuzzy Hash: 4D4158B5E09A4286EBF45F2A996C2782390AF45BE1F484130DB6D47BD4DF2DF4538B08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_$Dict_ErrorFromItemLong_Number_ObjectObject_OccurredSsize_tVectorcallWith
                                                                • String ID: bool$feed
                                                                • API String ID: 2189706420-2849697477
                                                                • Opcode ID: 958a22a6337853555e897f1e5a14fcd0471710981ec55253fe3441e9c772aafb
                                                                • Instruction ID: 423a95cca1811a45bd582fda287364e7242a84da8e46bd674970a4bb17de2d38
                                                                • Opcode Fuzzy Hash: 958a22a6337853555e897f1e5a14fcd0471710981ec55253fe3441e9c772aafb
                                                                • Instruction Fuzzy Hash: B94145B5A09A02C2EBB1AB1DE56827973A1FF44BC1F445035DB5D07B65DF2DF4428B08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_ItemObject_$Dict_ErrorObjectOccurredVectorcallWith
                                                                • String ID: bool$feed
                                                                • API String ID: 2902451266-2849697477
                                                                • Opcode ID: f4f92837b73cd07083ecf196f641edd5c5d76e013ce287cc97f39c4dfbe217e1
                                                                • Instruction ID: ed6ce215dabb90821e2812cbf3dfb492f24e950efcb91a13fde6250995ab5e9d
                                                                • Opcode Fuzzy Hash: f4f92837b73cd07083ecf196f641edd5c5d76e013ce287cc97f39c4dfbe217e1
                                                                • Instruction Fuzzy Hash: 484124B5A09A4282EBB5AF19E86827963A1FF44BC1F448031DF5D47B65DF2CF4438B08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Err_$Dict_ErrorFromItemLong_Number_ObjectObject_OccurredSsize_tVectorcallWith
                                                                • String ID: bool$feed
                                                                • API String ID: 2189706420-2849697477
                                                                • Opcode ID: 8e0caade2916fc91190bf6248451af5af673b86bd580171c2b13f121ea62ae45
                                                                • Instruction ID: cef65e277aa818b9a49accc4c818c080c906f42e624d6a585a44f6a192b50c7d
                                                                • Opcode Fuzzy Hash: 8e0caade2916fc91190bf6248451af5af673b86bd580171c2b13f121ea62ae45
                                                                • Instruction Fuzzy Hash: 2A4150B2A19A0282EBB0AF1DE56827963A1FF48BC1F444031DB5D47B59DF2CF4428B08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_ItemObject_$Dict_ErrorObjectOccurredVectorcallWith
                                                                • String ID: bool$eligible
                                                                • API String ID: 2902451266-3320767611
                                                                • Opcode ID: eacaf991cd320d3b28d9c0a86148e8b297e2767c2de5e507dac64fabba49b49f
                                                                • Instruction ID: c296ff28af5a3f1a9173c95238fcb3fcb81b69ef768fc0be43490341a7ade060
                                                                • Opcode Fuzzy Hash: eacaf991cd320d3b28d9c0a86148e8b297e2767c2de5e507dac64fabba49b49f
                                                                • Instruction Fuzzy Hash: F23130B1A19A4282EBF19B1DE96817963A1FF44BC5F486031DB5D07B58DF2CF842CB08
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 190073905-0
                                                                • Opcode ID: 425fd5ac1271bb133272e3ab21a2143b35eb579dd60372998353d793c77f0ddb
                                                                • Instruction ID: b6f1fd7bac00ee4345df8b6405b0825a5b1c4f2ba110b253fe731db51a379282
                                                                • Opcode Fuzzy Hash: 425fd5ac1271bb133272e3ab21a2143b35eb579dd60372998353d793c77f0ddb
                                                                • Instruction Fuzzy Hash: 0F818C22E8C64396FA54AB7EB4512BA6690AF4DBC0F444035EB0D47792EF3CF9478708
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                • String ID:
                                                                • API String ID: 190073905-0
                                                                • Opcode ID: ad632e60de9384afdfd7f42ceb838f79c6fef9ceb322364d021ec22254250735
                                                                • Instruction ID: 4b861373b17be906d0fe61adf92c7c8538651b1f5b6206334cb06cbb4ba6c4c7
                                                                • Opcode Fuzzy Hash: ad632e60de9384afdfd7f42ceb838f79c6fef9ceb322364d021ec22254250735
                                                                • Instruction Fuzzy Hash: DB816C61E0CBC346FA90AF6E94452BB66B0AF8D7C0F546435EB4D47796DE2DE80D8700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                • String ID:
                                                                • API String ID: 2819143443-0
                                                                • Opcode ID: 23d97488961b93e407653e4d04d1075f3d4a6115df0bee2f52c695c0df5d3962
                                                                • Instruction ID: 1d8895ce30a9919ac7973ee571d5a0e7bf73ec49e224db74324e7c233ce72ed5
                                                                • Opcode Fuzzy Hash: 23d97488961b93e407653e4d04d1075f3d4a6115df0bee2f52c695c0df5d3962
                                                                • Instruction Fuzzy Hash: 0241FEB691860291EBB55F2D986C37832A0EF45FB9F146730CB29422D4CF7DE48A870C
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocX_free$Bytes_DigestErr_FinalFromMemorySizeStringX_copyX_new
                                                                • String ID:
                                                                • API String ID: 3259613670-0
                                                                • Opcode ID: bcb404511692de2844bac06c54ac9f445eb19a44b1ea7384dfe0b50dcb24a294
                                                                • Instruction ID: d75d2a52d849dc49b51f4a74166e323a4bdc99aa863cab239ade90a574240f6e
                                                                • Opcode Fuzzy Hash: bcb404511692de2844bac06c54ac9f445eb19a44b1ea7384dfe0b50dcb24a294
                                                                • Instruction Fuzzy Hash: DB31E825A0CF8281EB249F2AA99427B22B0AF8DBD1F047431DF4F46661DF3CE5598700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$BoolCompareErr_FromLong_Object_OccurredRichSsize_t
                                                                • String ID: __init__$charset_normalizer.md.UnprintablePlugin$ratio
                                                                • API String ID: 2538524772-1538754472
                                                                • Opcode ID: bd24d104d4e5ddc98eea7bfccf0ae522fc41dc3e0d7e104114ce5afde9d774f5
                                                                • Instruction ID: 7bbd34f56bb2e46b26eefec2c05fcf9ddf351666b4c1fbb545c7159a2a360925
                                                                • Opcode Fuzzy Hash: bd24d104d4e5ddc98eea7bfccf0ae522fc41dc3e0d7e104114ce5afde9d774f5
                                                                • Instruction Fuzzy Hash: 9F5165A1D08A0682E7F5AB2D982817963A1EF44BD1F484531EF5D177A5EF3CF4438B48
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DoubleErr_Float_Occurred$From
                                                                • String ID: bool$float$mess_ratio$str
                                                                • API String ID: 627764739-3758540285
                                                                • Opcode ID: 8a02f97511670b38e9bcd773b23a0c6d973fa38f5433283c19ee847a82f0f0a0
                                                                • Instruction ID: 9a530e02aa4290b8cfc3e3acc3d6af094ed90c1ad99a57f3a2ee41d8883e7501
                                                                • Opcode Fuzzy Hash: 8a02f97511670b38e9bcd773b23a0c6d973fa38f5433283c19ee847a82f0f0a0
                                                                • Instruction Fuzzy Hash: 9B4195A1A0CA4282EB918F1DE4682BAA364FF997C2F144131EB6D03664DF3CF547C708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: D_fetch$D_up_refModule_Py_hashtable_getState
                                                                • String ID: -fips$unsupported hash type %s
                                                                • API String ID: 1568902971-2522765902
                                                                • Opcode ID: 9bf40ab20de0d28e8d0a6f88b8d05df59be241efebc79f61e9cf85efd65cbced
                                                                • Instruction ID: bcd7e51e2f04fcba35471759a4ded7fecd014ce207a5419ee911ce0e66760073
                                                                • Opcode Fuzzy Hash: 9bf40ab20de0d28e8d0a6f88b8d05df59be241efebc79f61e9cf85efd65cbced
                                                                • Instruction Fuzzy Hash: 3231F821A09F9382EAA54F2EA48417B66B0AF4DBD0F582435DF4E477A5DE2DE4498300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Object_Vectorcall$Dict_Item
                                                                • String ID: <module>
                                                                • API String ID: 1355803777-217463007
                                                                • Opcode ID: f44407c62ba38c985b018eb4be88fb5605f156d51110e078f0643a87e94a1170
                                                                • Instruction ID: 4a1d3594e9d7a07483f3fea2190adedc0b4a8bee5ee6a176a0d4a08a86c164a2
                                                                • Opcode Fuzzy Hash: f44407c62ba38c985b018eb4be88fb5605f156d51110e078f0643a87e94a1170
                                                                • Instruction Fuzzy Hash: A83130E5A09A5382EBE05F2DE9A827563A0AF44BD6F444035CB2D07B59DF2DF446C708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$Eval_FormatStringThread$Bytes_D_freeFromModule_OccurredR_peek_last_errorRestoreSaveSizeState
                                                                • String ID: key is too long.$msg is too long.
                                                                • API String ID: 915225383-4266787399
                                                                • Opcode ID: 25362360c8b159205e36b4927e12f2d81151e450ce63696c659d494535d66d16
                                                                • Instruction ID: aa82af6107771c94fa468854fc09ba3db5d0fc1f6062789cc8adf17b8da90729
                                                                • Opcode Fuzzy Hash: 25362360c8b159205e36b4927e12f2d81151e450ce63696c659d494535d66d16
                                                                • Instruction Fuzzy Hash: C8311B22A0CFD286EA20DF19E45436AA370FB8DBC4F146235DE4D42B69DF3CE1498700
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: D_fetchD_freeD_get_flagsDigestErr_FormatInit_exModule_Object_R_peek_last_errorStateX_new
                                                                • String ID: unsupported hash type %s
                                                                • API String ID: 80754726-1604032313
                                                                • Opcode ID: 243a4bed16886a324ecc7baaf6410dc429dc60b114cd24e6e948bc697a62bd03
                                                                • Instruction ID: ddce091c708598a8cd6c5eed8d24c544578be7d1f7cade56dcb2f3297c59a01d
                                                                • Opcode Fuzzy Hash: 243a4bed16886a324ecc7baaf6410dc429dc60b114cd24e6e948bc697a62bd03
                                                                • Instruction Fuzzy Hash: 5A113A65B09F8282EEA59F6AA41427B62B1AF4CFD1F086434DF4E07760EF3DE4599300
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Buffer_$Arg_ArgumentBufferContiguousObject_ReleaseThread_acquire_lockThread_release_lockmemset
                                                                • String ID: argument$compress$contiguous buffer
                                                                • API String ID: 1731275941-2310704374
                                                                • Opcode ID: e49fcee8418d40925be70ffaeb55ce411285ea8029e7bf477f1f0c24e54d7857
                                                                • Instruction ID: d190aa7c2d48bd1864d63031c18ed8cd07a38fbef2a0ec48336c30588a5914a5
                                                                • Opcode Fuzzy Hash: e49fcee8418d40925be70ffaeb55ce411285ea8029e7bf477f1f0c24e54d7857
                                                                • Instruction Fuzzy Hash: DC118262B18A4691EB20DF39E8442BD6360FB88BC4F988131DB4D53664DF3CE947C744
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: From$String$Set_SizeUnicode_$Bytes_Complex_DoubleDoublesFloat_FrozenInternLong_PlaceTuple_
                                                                • String ID:
                                                                • API String ID: 1377717875-0
                                                                • Opcode ID: 1bc6b832a9b101eb94450793bee28bff6ca2690a3c262528acd6d01682900b35
                                                                • Instruction ID: 3d5c0f3135490e8082ab6d2fc3befb21b7082ac51fae18618f62ea86b9709c9f
                                                                • Opcode Fuzzy Hash: 1bc6b832a9b101eb94450793bee28bff6ca2690a3c262528acd6d01682900b35
                                                                • Instruction Fuzzy Hash: 39C105A1A09B4282EBB16F1CA87827977A1EF057D5F484235DB6D17794DF2CE053CB08
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                • String ID:
                                                                • API String ID: 2819143443-0
                                                                • Opcode ID: fff406a76837bdfc3caa631c0de594268f2a13e9ca8c66fb56096f08c5388120
                                                                • Instruction ID: 0283a53e389ef70006a325c33dc0b8d54b97b9e7ef3f3c01bb5f23a596057f20
                                                                • Opcode Fuzzy Hash: fff406a76837bdfc3caa631c0de594268f2a13e9ca8c66fb56096f08c5388120
                                                                • Instruction Fuzzy Hash: BE31EFB690870281E7B55F39D46C33862A0AF44FBAF154274CB7D466D8CF7DE4868744
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_Unicode_$CharactersCopyFastFormatStringmemcpy
                                                                • String ID: join() result is too long for a Python string$sequence item %zd: expected str instance, %.80s found
                                                                • API String ID: 3966466113-1579438684
                                                                • Opcode ID: bd94065e028ba6fa2eb67220a7b20d7e8b3b3746a6e474679368a889752c658a
                                                                • Instruction ID: 8a5f4950e604696679b278cbb4de5e4d1cbf18a60d890f881592b2383f97e883
                                                                • Opcode Fuzzy Hash: bd94065e028ba6fa2eb67220a7b20d7e8b3b3746a6e474679368a889752c658a
                                                                • Instruction Fuzzy Hash: 9E61C2E3B0564682EBB09B1DD8587B96690BB85BE1F054275CE2D833D4EF3CE8478704
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$BoolCompareErr_FromLong_Object_OccurredRichSsize_t
                                                                • String ID: ratio
                                                                • API String ID: 2538524772-4234197119
                                                                • Opcode ID: 3df6ddb79008031f2fa932144166eaa2e045ed27a22e43e2cec9a9a03f3e1f1f
                                                                • Instruction ID: f324a4ed9e173b8aa3702722e672d77d76cf4d06324036ee0f1c047bd8bb7d8b
                                                                • Opcode Fuzzy Hash: 3df6ddb79008031f2fa932144166eaa2e045ed27a22e43e2cec9a9a03f3e1f1f
                                                                • Instruction Fuzzy Hash: 135193B190861382E7B46B6D986827863A0AF45BD0F185130DF5D077A6DF3DF8538B08
                                                                APIs
                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B324B8
                                                                • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B324FC
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B32518
                                                                • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B32567
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Bytes_FromSizeStringmemcpy
                                                                • String ID: Unable to allocate output buffer.
                                                                • API String ID: 76732796-2565006440
                                                                • Opcode ID: dfc50fe1e76f4b95923bb712c602e591bc04f2612fcca18cafc909a29d1c47b1
                                                                • Instruction ID: bc5702a7e5b43ad0c56022cc6609e127dd7f40c5b56f955ff34a6fd7437325fd
                                                                • Opcode Fuzzy Hash: dfc50fe1e76f4b95923bb712c602e591bc04f2612fcca18cafc909a29d1c47b1
                                                                • Instruction Fuzzy Hash: 6C411872A99A0282EF1A8F6AD95026973A0FB48FD5F199432CF0D53755CF38E592C348
                                                                APIs
                                                                • PyDict_New.PYTHON312(?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B30849
                                                                  • Part of subcall function 00007FF8B8B30970: PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FF8B8B3086D,?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B30988
                                                                  • Part of subcall function 00007FF8B8B30970: PyUnicode_InternFromString.PYTHON312(?,?,?,00007FF8B8B3086D,?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B30999
                                                                  • Part of subcall function 00007FF8B8B30970: PyDict_SetItem.PYTHON312(?,?,?,00007FF8B8B3086D,?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B309B4
                                                                • PyErr_Format.PYTHON312(?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B35C50
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B35C6C
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dict_FromLong$DeallocErr_FormatInternItemLong_StringUnicode_Unsigned
                                                                • String ID: Invalid filter ID: %llu$dict_size$dist$start_offset
                                                                • API String ID: 1484310907-3368833446
                                                                • Opcode ID: 2bf5425971416fcf604516447e7ff1f6a8227c031248f9865350739be3ef4e27
                                                                • Instruction ID: 2b9bd133e881f1cdf9dc0367d6bb1578e7524ab3e8291f47ee67079950694a60
                                                                • Opcode Fuzzy Hash: 2bf5425971416fcf604516447e7ff1f6a8227c031248f9865350739be3ef4e27
                                                                • Instruction Fuzzy Hash: EF41D831A88A0795FE648B3E994467833A0AF45BD4F448636CB1D466A4DF3CE4ABC709
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Object_Vectorcall$Err_FormatMethod
                                                                • String ID: bool$eligible
                                                                • API String ID: 131476257-3320767611
                                                                • Opcode ID: f397ca9387d6dfb1835b31036ec0af176946d4d6a5d65748a34c9214785249c7
                                                                • Instruction ID: d6a17e272de75d8b7554696dc09a53c64253c6158e043ead89ff51a0e8fc713a
                                                                • Opcode Fuzzy Hash: f397ca9387d6dfb1835b31036ec0af176946d4d6a5d65748a34c9214785249c7
                                                                • Instruction Fuzzy Hash: 984165B1A0964282EBF09B1DE46827533A0EF447D5F485031DB5D06BA9DF2CF842CB08
                                                                APIs
                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FF8B8B34D6B,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B363B8
                                                                • PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FF8B8B34D6B,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B3641B
                                                                • PyList_Append.PYTHON312(?,?,?,00007FF8B8B34D6B,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B3642F
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B34D6B,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B3644B
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B34D6B,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B36464
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocString$AppendBytes_Err_FromList_Size
                                                                • String ID: Unable to allocate output buffer.$avail_out is non-zero in _BlocksOutputBuffer_Grow().
                                                                • API String ID: 1563898963-3455802345
                                                                • Opcode ID: 580d003c13f45ba0d3f5d519e6676035726d1c9c5441bda9205d6986d50f6f75
                                                                • Instruction ID: 3a2cc9425d2b1c9ad4d4d94bca0360b45008e669b3adf671072b53cb59ffec5d
                                                                • Opcode Fuzzy Hash: 580d003c13f45ba0d3f5d519e6676035726d1c9c5441bda9205d6986d50f6f75
                                                                • Instruction Fuzzy Hash: 54314921A98B4281EB148F3EE94412963A0FB49BE4F144235DB6E477E4DF7CE4468308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$Err_RestoreSaveStringThread_release_lock
                                                                • String ID: Already at end of stream
                                                                • API String ID: 2195683152-1334556646
                                                                • Opcode ID: 3eb67ee195b5bbe57a7cea297c8508a8a17e06b17122ceb0a36300f9ddcb8c56
                                                                • Instruction ID: f27d66a96e54998ea34fa0193a27e2838c9e7b66d25858c58208546d49de9e9c
                                                                • Opcode Fuzzy Hash: 3eb67ee195b5bbe57a7cea297c8508a8a17e06b17122ceb0a36300f9ddcb8c56
                                                                • Instruction Fuzzy Hash: 1E111621A48E8285EB55DF6AE84416D67A5FB89FC1F484032DF0E57764CF3CE456C309
                                                                APIs
                                                                • PyThread_acquire_lock.PYTHON312(?,?,?,00007FF8B8B28536), ref: 00007FF8B8B29036
                                                                • PyThread_release_lock.PYTHON312(?,?,?,00007FF8B8B28536), ref: 00007FF8B8B29068
                                                                • PyErr_SetString.PYTHON312(?,?,?,00007FF8B8B28536), ref: 00007FF8B8B29098
                                                                  • Part of subcall function 00007FF8B8B28564: PyType_GetModuleState.PYTHON312 ref: 00007FF8B8B2859D
                                                                  • Part of subcall function 00007FF8B8B28564: PyBytes_FromStringAndSize.PYTHON312 ref: 00007FF8B8B285B1
                                                                  • Part of subcall function 00007FF8B8B28564: PyList_New.PYTHON312 ref: 00007FF8B8B285C8
                                                                  • Part of subcall function 00007FF8B8B28564: PyEval_SaveThread.PYTHON312 ref: 00007FF8B8B28619
                                                                  • Part of subcall function 00007FF8B8B28564: PyEval_RestoreThread.PYTHON312 ref: 00007FF8B8B28633
                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00007FF8B8B28536), ref: 00007FF8B8B34F44
                                                                • PyThread_acquire_lock.PYTHON312(?,?,?,00007FF8B8B28536), ref: 00007FF8B8B34F59
                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00007FF8B8B28536), ref: 00007FF8B8B34F62
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                • String ID: Compressor has been flushed
                                                                • API String ID: 3871537485-3904734015
                                                                • Opcode ID: 7a7077e9134b2479d70bc0b55754877c5396126443336fd8736004c065fe7fd0
                                                                • Instruction ID: a502a7e3365aa4e20e641cd6fad1dc7d27ea5f547e4db444c40e97f1898c18a8
                                                                • Opcode Fuzzy Hash: 7a7077e9134b2479d70bc0b55754877c5396126443336fd8736004c065fe7fd0
                                                                • Instruction Fuzzy Hash: 1C114821A48A8682EB94CF3AE84466E6765FB88FC1F448032DF0E47B24CF3CE456C305
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$RestoreSaveStringThread_acquire_lock$Bytes_Err_FromList_ModuleSizeStateThread_release_lockType_
                                                                • String ID: Repeated call to flush()
                                                                • API String ID: 3871537485-194442007
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_Module_State$Dict_ErrorFormatItemOccurredUnicode_With
                                                                • String ID: Unsupported digestmod %R
                                                                • API String ID: 894184546-2483404930
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                • String ID:
                                                                • API String ID: 2819143443-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                Similarity
                                                                • API ID: DeallocEval_Thread$Bytes_FromList_ModuleRestoreSaveSizeStateStringType_
                                                                • String ID:
                                                                • API String ID: 2831925710-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$BoolCompareErr_FromLong_Object_OccurredRichSsize_t
                                                                • String ID: ratio
                                                                • API String ID: 2538524772-4234197119
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Dealloc$BoolCompareErr_FromLong_Object_OccurredRichSsize_t
                                                                • String ID: ratio
                                                                • API String ID: 2538524772-4234197119
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_symbol_count' cannot be deleted$attribute '_symbol_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                                • API String ID: 1450464846-2291034628
                                                                APIs
                                                                Strings
                                                                • attribute '_successive_count' of 'SuspiciousDuplicateAccentPlugin' undefined, xrefs: 00007FF8B8CD61A8
                                                                • 'SuspiciousDuplicateAccentPlugin' object attribute '_successive_count' cannot be deleted, xrefs: 00007FF8B8CD621C
                                                                • int, xrefs: 00007FF8B8CD62A6
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_successive_count' cannot be deleted$attribute '_successive_count' of 'SuspiciousDuplicateAccentPlugin' undefined$int
                                                                • API String ID: 1450464846-1864222365
                                                                APIs
                                                                Strings
                                                                • attribute '_successive_upper_lower_count_final' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FF8B8CD85C8
                                                                • int, xrefs: 00007FF8B8CD86C6
                                                                • 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count_final' cannot be deleted, xrefs: 00007FF8B8CD863C
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count_final' cannot be deleted$attribute '_successive_upper_lower_count_final' of 'ArchaicUpperLowerPlugin' undefined$int
                                                                • API String ID: 1450464846-528010561
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'UnprintablePlugin' object attribute '_unprintable_count' cannot be deleted$attribute '_unprintable_count' of 'UnprintablePlugin' undefined$int
                                                                • API String ID: 1450464846-2997357838
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'CjkInvalidStopPlugin' object attribute '_wrong_stop_count' cannot be deleted$attribute '_wrong_stop_count' of 'CjkInvalidStopPlugin' undefined$int
                                                                • API String ID: 1450464846-420147485
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_bad_word_count' cannot be deleted$attribute '_bad_word_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                • API String ID: 1450464846-3520798986
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'ArabicIsolatedFormPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'ArabicIsolatedFormPlugin' undefined$int
                                                                • API String ID: 1450464846-3970786323
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                • API String ID: 1450464846-3920090044
                                                                APIs
                                                                Strings
                                                                • attribute '_character_count' of 'TooManySymbolOrPunctuationPlugin' undefined, xrefs: 00007FF8B8CD5148
                                                                • 'TooManySymbolOrPunctuationPlugin' object attribute '_character_count' cannot be deleted, xrefs: 00007FF8B8CD51BC
                                                                • int, xrefs: 00007FF8B8CD5246
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                                • API String ID: 1450464846-4240200891
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'TooManyAccentuatedPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'TooManyAccentuatedPlugin' undefined$int
                                                                • API String ID: 1450464846-2022335554
                                                                APIs
                                                                Strings
                                                                • attribute '_character_count_since_last_sep' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FF8B8CD8348
                                                                • int, xrefs: 00007FF8B8CD8446
                                                                • 'ArchaicUpperLowerPlugin' object attribute '_character_count_since_last_sep' cannot be deleted, xrefs: 00007FF8B8CD83BC
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'ArchaicUpperLowerPlugin' object attribute '_character_count_since_last_sep' cannot be deleted$attribute '_character_count_since_last_sep' of 'ArchaicUpperLowerPlugin' undefined$int
                                                                • API String ID: 1450464846-2037488444
                                                                APIs
                                                                Strings
                                                                • 'SuspiciousDuplicateAccentPlugin' object attribute '_character_count' cannot be deleted, xrefs: 00007FF8B8CD635C
                                                                • attribute '_character_count' of 'SuspiciousDuplicateAccentPlugin' undefined, xrefs: 00007FF8B8CD62E8
                                                                • int, xrefs: 00007FF8B8CD63E6
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'SuspiciousDuplicateAccentPlugin' undefined$int
                                                                • API String ID: 1450464846-543361526
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'ArchaicUpperLowerPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'ArchaicUpperLowerPlugin' undefined$int
                                                                • API String ID: 1450464846-4184598959
                                                                APIs
                                                                Strings
                                                                • attribute '_suspicious_successive_range_count' of 'SuspiciousRange' undefined, xrefs: 00007FF8B8CD66F8
                                                                • 'SuspiciousRange' object attribute '_suspicious_successive_range_count' cannot be deleted, xrefs: 00007FF8B8CD676C
                                                                • int, xrefs: 00007FF8B8CD67F6
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuspiciousRange' object attribute '_suspicious_successive_range_count' cannot be deleted$attribute '_suspicious_successive_range_count' of 'SuspiciousRange' undefined$int
                                                                • API String ID: 1450464846-916769388
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'UnprintablePlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'UnprintablePlugin' undefined$int
                                                                • API String ID: 1450464846-2596148235
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'CjkInvalidStopPlugin' object attribute '_cjk_character_count' cannot be deleted$attribute '_cjk_character_count' of 'CjkInvalidStopPlugin' undefined$int
                                                                • API String ID: 1450464846-399339277
                                                                APIs
                                                                Strings
                                                                • 'TooManySymbolOrPunctuationPlugin' object attribute '_punctuation_count' cannot be deleted, xrefs: 00007FF8B8CD4F3C
                                                                • attribute '_punctuation_count' of 'TooManySymbolOrPunctuationPlugin' undefined, xrefs: 00007FF8B8CD4EC8
                                                                • int, xrefs: 00007FF8B8CD4FC6
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_punctuation_count' cannot be deleted$attribute '_punctuation_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                                • API String ID: 1450464846-1459665959
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_foreign_long_count' cannot be deleted$attribute '_foreign_long_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                • API String ID: 1450464846-3135691889
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'ArabicIsolatedFormPlugin' object attribute '_isolated_form_count' cannot be deleted$attribute '_isolated_form_count' of 'ArabicIsolatedFormPlugin' undefined$int
                                                                • API String ID: 1450464846-4047731557
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_bad_character_count' cannot be deleted$attribute '_bad_character_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                • API String ID: 1450464846-2709777744
                                                                • Opcode ID: 610f13cc42156de412b3f6d1ccc7dde81ee8bb81fe19c5e5436d4dfc6cd023cb
                                                                • Instruction ID: 35803edee3fda95e4c3d9cc33af676ade2c9253e8d70ae654fd671862f44a645
                                                                • Opcode Fuzzy Hash: 610f13cc42156de412b3f6d1ccc7dde81ee8bb81fe19c5e5436d4dfc6cd023cb
                                                                • Instruction Fuzzy Hash: 1A3183A1B0850282EBB5AB2DE4792B82390AF44BD4F685131DB2D077D4EF3DE4978B04
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'TooManyAccentuatedPlugin' object attribute '_accentuated_count' cannot be deleted$attribute '_accentuated_count' of 'TooManyAccentuatedPlugin' undefined$int
                                                                • API String ID: 1450464846-3693778415
                                                                • Opcode ID: 7f11271614b407e1cd5d041de6a849fa1ce6af29865a2d7861870a54299a5fe4
                                                                • Instruction ID: 822fa13ad6e037e326ecec1694318edcb2953cb211a199919b2fec899433e74e
                                                                • Opcode Fuzzy Hash: 7f11271614b407e1cd5d041de6a849fa1ce6af29865a2d7861870a54299a5fe4
                                                                • Instruction Fuzzy Hash: EF3174A2F0850282EBB4AB1DE8B92792350AF44BE0F585131DB6D477D5DF2CE8978B04
                                                                APIs
                                                                Strings
                                                                • attribute '_successive_upper_lower_count' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FF8B8CD8488
                                                                • 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count' cannot be deleted, xrefs: 00007FF8B8CD84FC
                                                                • int, xrefs: 00007FF8B8CD8586
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count' cannot be deleted$attribute '_successive_upper_lower_count' of 'ArchaicUpperLowerPlugin' undefined$int
                                                                • API String ID: 1450464846-634379450
                                                                • Opcode ID: 3342e34050822ecdd092d2c1701ec675c9b80d10f8f017621af40ec443b25660
                                                                • Instruction ID: a769a5252babc1be824a755f6472acee562768a0ac38ea2039aeaed60dd7527e
                                                                • Opcode Fuzzy Hash: 3342e34050822ecdd092d2c1701ec675c9b80d10f8f017621af40ec443b25660
                                                                • Instruction Fuzzy Hash: 253196A1B0850282EFB4AB1DE47D27923A0EF44BD0F585531EB1D077D5EF2CE4968B08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_buffer_accent_count' cannot be deleted$attribute '_buffer_accent_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                • API String ID: 1450464846-76466605
                                                                • Opcode ID: 20ea869bad6b8ed73006467498f91221eb8f9dd8b91723df2faa57ca20f3ad29
                                                                • Instruction ID: 6d2a267eeed4e671efff8cb39ebca00db8c9f7ed7327a7e18ba6cdeaeb06ec1b
                                                                • Opcode Fuzzy Hash: 20ea869bad6b8ed73006467498f91221eb8f9dd8b91723df2faa57ca20f3ad29
                                                                • Instruction Fuzzy Hash: 6C3183A2B0850282EBB4AB2DE47D2B92350AF44BD0F685131DB6D077D5DF3DE496CB08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuspiciousRange' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'SuspiciousRange' undefined$int
                                                                • API String ID: 1450464846-3882440367
                                                                • Opcode ID: edf70cb319030b3d86d441b19e0745afc740f480ca4045dac8bdcfc512da58eb
                                                                • Instruction ID: a725ce21d4430427f0042053d0647fc4ca4df4485bf83f2f5d9356872f3c5399
                                                                • Opcode Fuzzy Hash: edf70cb319030b3d86d441b19e0745afc740f480ca4045dac8bdcfc512da58eb
                                                                • Instruction Fuzzy Hash: B131A3A1B0850282EBF4AB1DE87D67823A0AF44BD4F584131DB5D07794EF2CE486CB04
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_word_count' cannot be deleted$attribute '_word_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                • API String ID: 1450464846-1212817586
                                                                • Opcode ID: 16b82e3689da71a62fdb9f4fcb28de3a703054875de315429c3694e8e6cd4c3d
                                                                • Instruction ID: 32f7ba132d68e2b6ddda3442e6f277fb4a75863c9a704cf2034bb34dc621819f
                                                                • Opcode Fuzzy Hash: 16b82e3689da71a62fdb9f4fcb28de3a703054875de315429c3694e8e6cd4c3d
                                                                • Instruction Fuzzy Hash: DA3163A1F0850282EBB4AB2DE4B92792350AF44BD4F685131DB2D077D5DF3DE886CB04
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FromLong_Ssize_t$ContainsNumber_Object_Set_Vectorcall
                                                                • String ID: bool$feed
                                                                • API String ID: 3415927029-2849697477
                                                                • Opcode ID: eb45302e3cef5080e95074768180575d99dfa37b4141d0cc9422c2bb42ee7491
                                                                • Instruction ID: b8e03207f249c9ecd077eb3f57aa50130273351548972f2b39ea4c896a931714
                                                                • Opcode Fuzzy Hash: eb45302e3cef5080e95074768180575d99dfa37b4141d0cc9422c2bb42ee7491
                                                                • Instruction Fuzzy Hash: 224121A1E18A4283EBB1AF1DF46927A63A0EF447C5F445035DB5D07B59DF2CF4428B18
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc
                                                                • String ID:
                                                                • API String ID: 3617616757-0
                                                                • Opcode ID: 527074c6cd195ab482c56603e858959c90a590d2c84401fac90cb2060dcc2367
                                                                • Instruction ID: ece963cb82e0f21680601544e6d0335c89601dffa42348e214291f5f5fa769a5
                                                                • Opcode Fuzzy Hash: 527074c6cd195ab482c56603e858959c90a590d2c84401fac90cb2060dcc2367
                                                                • Instruction Fuzzy Hash: 2341D9B6908A0181EBB55F3CE86C76822A0AF55BBDF140335CB79451D4CF7DA886C784
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Module_Py_hashtable_destroyState
                                                                • String ID:
                                                                • API String ID: 3151084188-0
                                                                • Opcode ID: aec7e81a30017dfb9860732021c0e12118c16824c1734b799b247b0a465272df
                                                                • Instruction ID: d97d6e362511cb60a6c11366f41a182ec095d40fc6577de0f67a2caf1921ecbd
                                                                • Opcode Fuzzy Hash: aec7e81a30017dfb9860732021c0e12118c16824c1734b799b247b0a465272df
                                                                • Instruction Fuzzy Hash: F831163690EF8282EB6A8F2D985417A72B4EF4CFD5B286530CB4E06651CF3EA459C350
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                • String ID:
                                                                • API String ID: 2819143443-0
                                                                • Opcode ID: 1c16e7615a0f82207d80faaa12bf775c49de3bd6999ef687b31fc543c5e7b3c6
                                                                • Instruction ID: 6776ddcbc9b1bd1f21c8efa5cd55f435bce6341d01bf166e2c33cf361027f64d
                                                                • Opcode Fuzzy Hash: 1c16e7615a0f82207d80faaa12bf775c49de3bd6999ef687b31fc543c5e7b3c6
                                                                • Instruction Fuzzy Hash: FE2100B590860282EBB59F39956C33822A0EF54FEAF154230DB2D467E4CF7CE8478B44
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                • String ID: Invalid filter specifier for delta filter$|OO&
                                                                • API String ID: 3027669873-2010576982
                                                                • Opcode ID: 8f6d3e53a03bcdfc1a1c4549eb233bcc7dd316073f513c0d7cf3946cf18a22e7
                                                                • Instruction ID: 45f678ad8b1da172df7c28cae4b9a92573c3ea467e08e326020a94f4e897c00b
                                                                • Opcode Fuzzy Hash: 8f6d3e53a03bcdfc1a1c4549eb233bcc7dd316073f513c0d7cf3946cf18a22e7
                                                                • Instruction Fuzzy Hash: D8110575A89A0396EB008B39E8541AD73B8FB48B95F508136DB0D43360DF7DE40BC759
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$Arg_CallocKeywords_Mem_MemoryParseSizeStringTuple
                                                                • String ID: Invalid filter specifier for BCJ filter$|OO&
                                                                • API String ID: 3027669873-3728029529
                                                                • Opcode ID: c99a539e3f84903be04565e407b851ab502a56b26a5fb183a3bd791a404fbe6a
                                                                • Instruction ID: e2c8cba06e13693c27df03165496e5eae38f1afce54ac675030f48d5800c7414
                                                                • Opcode Fuzzy Hash: c99a539e3f84903be04565e407b851ab502a56b26a5fb183a3bd791a404fbe6a
                                                                • Instruction Fuzzy Hash: 7A011375A88B0296EB00CB39E8441AD33A8FB48B81F500032EB0D43360EF7CE40BC359
                                                                APIs
                                                                • PyLong_FromSsize_t.PYTHON312 ref: 00007FF8B8CD2D16
                                                                • PyLong_FromSsize_t.PYTHON312 ref: 00007FF8B8CD2D42
                                                                • PyNumber_Remainder.PYTHON312 ref: 00007FF8B8CD2D5F
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FF8B8CD2D76
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FF8B8CD2D8A
                                                                • _Py_Dealloc.PYTHON312 ref: 00007FF8B8CD2DE4
                                                                  • Part of subcall function 00007FF8B8CD3590: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF8B8CD28DB), ref: 00007FF8B8CD3599
                                                                  • Part of subcall function 00007FF8B8CD3590: fprintf.MSPDB140-MSVCRT ref: 00007FF8B8CD35A9
                                                                  • Part of subcall function 00007FF8B8CD3590: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF8B8CD28DB), ref: 00007FF8B8CD35B3
                                                                  • Part of subcall function 00007FF8B8CD3590: fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FF8B8CD28DB), ref: 00007FF8B8CD35BC
                                                                  • Part of subcall function 00007FF8B8CD3590: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B8CD28DB), ref: 00007FF8B8CD35C2
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FromLong_Ssize_t__acrt_iob_func$Number_Remainderabortfflushfprintf
                                                                • String ID:
                                                                • API String ID: 1333916573-0
                                                                • Opcode ID: 1ff0950ba76d1fb5de8f3a40737609fc14ed6e45cecf514f6e3c309322584276
                                                                • Instruction ID: 490d343d0f68f1e2a40b83a91c2d903e76380dba07bf437b1896dc6a3693cb92
                                                                • Opcode Fuzzy Hash: 1ff0950ba76d1fb5de8f3a40737609fc14ed6e45cecf514f6e3c309322584276
                                                                • Instruction Fuzzy Hash: BF4193B1A0854352EBB55F1DA5682386290AF48BE1F484130DF6D477D8DF2CF843CB08
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FromLong_Ssize_t$MultiplyNumber_
                                                                • String ID:
                                                                • API String ID: 3214704217-0
                                                                • Opcode ID: e441c8e1654ce7b2f422eefc1750921705619e20d6a3389d9b7057bf79d9000f
                                                                • Instruction ID: 77bd6e4866743454730cd940dc1c1b187af7cd109ab4be13157b63f1eaa4d4e2
                                                                • Opcode Fuzzy Hash: e441c8e1654ce7b2f422eefc1750921705619e20d6a3389d9b7057bf79d9000f
                                                                • Instruction Fuzzy Hash: AD3145B1A0960392FBB45F1DA5683786290AF85BE5F085130DB2E477D8DF6CF8538B08
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FromLong_Ssize_t$Number_
                                                                • String ID:
                                                                • API String ID: 4245833954-0
                                                                • Opcode ID: ae72d080b4b55a948d5582023073e92d7aff9d277a6dfd1cb9816ae3c140e2c2
                                                                • Instruction ID: 12b0852a6b6ebba2db445e4b0ffbfc41f464e1df6eed3f85382b16871be28d18
                                                                • Opcode Fuzzy Hash: ae72d080b4b55a948d5582023073e92d7aff9d277a6dfd1cb9816ae3c140e2c2
                                                                • Instruction Fuzzy Hash: 473172B2A08A4396EBB45F1995782786290EF44BE5F045130DB6D067D9DF2CF4438B04
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$FromLong_Ssize_t$Number_Subtract
                                                                • String ID:
                                                                • API String ID: 2424657569-0
                                                                • Opcode ID: aeebb34f4fc22b334b36647e21926670cdad37f7e6ebb6e2507bbb1c10b61d03
                                                                • Instruction ID: 0699e2c6fd938e7e15ef26fcc511a8782a07231637b647116b4621c8249712ea
                                                                • Opcode Fuzzy Hash: aeebb34f4fc22b334b36647e21926670cdad37f7e6ebb6e2507bbb1c10b61d03
                                                                • Instruction Fuzzy Hash: 7D31B072A08A43A2EBB49F19E46837963A0EF48BD1F445031DF1E07799DF6CF4428B08
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Mem_Py_hashtable_set$FreeMallocPy_hashtable_destroyPy_hashtable_new_full
                                                                • String ID:
                                                                • API String ID: 3987031744-0
                                                                • Opcode ID: 521a36c4736dcf530351517d68e1637d5f594c99e23ced191db7d41f4f9a780d
                                                                • Instruction ID: 13cc97be8012798d24d692a5185c92cc6bddd35ab2847b32335483053a6a164b
                                                                • Opcode Fuzzy Hash: 521a36c4736dcf530351517d68e1637d5f594c99e23ced191db7d41f4f9a780d
                                                                • Instruction Fuzzy Hash: 4121D526A1DF8692EA119F29D9043BAA3B0FF58BC4F046135CF4E12664DF2CE59DC300
                                                                APIs
                                                                • PyLong_FromUnsignedLongLong.PYTHON312(?,?,?,00007FF8B8B3086D,?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B30988
                                                                • PyUnicode_InternFromString.PYTHON312(?,?,?,00007FF8B8B3086D,?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B30999
                                                                • PyDict_SetItem.PYTHON312(?,?,?,00007FF8B8B3086D,?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B309B4
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B3086D,?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B35CBE
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00007FF8B8B3086D,?,?,?,00007FF8B8B3081A,?,?,?,?,?,00007FF8B8B307A5), ref: 00007FF8B8B35CD7
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocFromLong$Dict_InternItemLong_StringUnicode_Unsigned
                                                                • String ID:
                                                                • API String ID: 252187852-0
                                                                • Opcode ID: 4407cb7e2ae5907235722564fec9c5a3f52f4cf3bc80c1b274a729e09646330d
                                                                • Instruction ID: 67e656920fc49cb14d7912c7fb60a5cdb20beae0fdcb0fd377dbee40b1ee8962
                                                                • Opcode Fuzzy Hash: 4407cb7e2ae5907235722564fec9c5a3f52f4cf3bc80c1b274a729e09646330d
                                                                • Instruction Fuzzy Hash: A7114F31E8CA4282FE154B3DA91423D7290AF49BD5F085131DB4E52794DF7CE847C309
                                                                APIs
                                                                • EVP_MD_CTX_copy.LIBCRYPTO-3(?,?,00000000,00007FF8B93C284C), ref: 00007FF8B93C2A85
                                                                • PyThread_acquire_lock.PYTHON312(?,?,00000000,00007FF8B93C284C), ref: 00007FF8B93C2AA8
                                                                • PyThread_release_lock.PYTHON312(?,?,00000000,00007FF8B93C284C), ref: 00007FF8B93C2AB7
                                                                • PyEval_SaveThread.PYTHON312(?,?,00000000,00007FF8B93C284C), ref: 00007FF8B93C543C
                                                                • PyThread_acquire_lock.PYTHON312(?,?,00000000,00007FF8B93C284C), ref: 00007FF8B93C544E
                                                                • PyEval_RestoreThread.PYTHON312(?,?,00000000,00007FF8B93C284C), ref: 00007FF8B93C5457
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lock$RestoreSaveThread_release_lockX_copy
                                                                • String ID:
                                                                • API String ID: 1756194536-0
                                                                • Opcode ID: a4ee6c14de5c42901d50f3f27420606cf0550f6fc93f8eeac909ef395a64bc57
                                                                • Instruction ID: d399f53689ff432b0734ba95421b8ebf078c0de2970958888f9fb37055d2b1f7
                                                                • Opcode Fuzzy Hash: a4ee6c14de5c42901d50f3f27420606cf0550f6fc93f8eeac909ef395a64bc57
                                                                • Instruction Fuzzy Hash: 8B01CC25A0CF8282EA249F6AA59413A2371BF9CFD5F146431EE0F43764DE3CD4598741
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String$Unicode_
                                                                • String ID: Python int too large to convert to C ssize_t$string index out of range
                                                                • API String ID: 2250126396-644864186
                                                                • Opcode ID: e36458edd2254e28eaa8631afe286072e5f7bd0a67a5b6a46e6ef0c44dcb495f
                                                                • Instruction ID: 8b7a93a00d60255c8b65140f8cb86765d24babc75d916d38b4229360c73c64ce
                                                                • Opcode Fuzzy Hash: e36458edd2254e28eaa8631afe286072e5f7bd0a67a5b6a46e6ef0c44dcb495f
                                                                • Instruction Fuzzy Hash: 7341B7A6B0550282EFB49F2ED4A52B927A0FBC8B84FC81075CB4E43791DF2DD546CB04
                                                                APIs
                                                                • PySequence_Size.PYTHON312(00000000,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30A94
                                                                • PySequence_GetItem.PYTHON312(?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30AC7
                                                                  • Part of subcall function 00007FF8B8B30B5C: PyMapping_Check.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30B81
                                                                  • Part of subcall function 00007FF8B8B30B5C: PyMapping_GetItemString.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30B9B
                                                                  • Part of subcall function 00007FF8B8B30B5C: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30BB0
                                                                  • Part of subcall function 00007FF8B8B30B5C: PyErr_Occurred.PYTHON312(?,?,?,00000028,00007FF8B8B30AE3,?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B30BC7
                                                                • PyErr_Format.PYTHON312(?,00000000,00007FF8B8B30A18), ref: 00007FF8B8B35D09
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_ItemLongMapping_Sequence_$CheckFormatLong_OccurredSizeStringUnsigned
                                                                • String ID: Too many filters - liblzma supports a maximum of %d
                                                                • API String ID: 1062705235-2617632755
                                                                • Opcode ID: ccf5a64d07049f618c25ab74cbb4974c3106e7c7554985af56aab865a0a260af
                                                                • Instruction ID: 693caa505497fe398eb64e493f4f4f6a5fc286e553682f6862806f1e5a37556f
                                                                • Opcode Fuzzy Hash: ccf5a64d07049f618c25ab74cbb4974c3106e7c7554985af56aab865a0a260af
                                                                • Instruction Fuzzy Hash: 54316721B88A1285EE649B3AA8002397690AF45BF8F184331DF3D177D5EF3CE0438708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: division by zero
                                                                • API String ID: 1450464846-3764743415
                                                                • Opcode ID: 1f310e5c3776cb982e72da88537671f8547cf76eb46f26856b816b508ecd4924
                                                                • Instruction ID: 65f52c46a005876033e20797e4a546f63608f29e1fd5a8c881d48f14d7bcf5f6
                                                                • Opcode Fuzzy Hash: 1f310e5c3776cb982e72da88537671f8547cf76eb46f26856b816b508ecd4924
                                                                • Instruction Fuzzy Hash: 5A219CA1B0990246EBB59B3DA56817452519F54BE0F1C5730DB3E067D9EF2CF8928708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$FormatOccurred
                                                                • String ID: Invalid compression preset: %u$Invalid filter chain for FORMAT_ALONE - must be a single LZMA1 filter
                                                                • API String ID: 4038069558-4068623215
                                                                • Opcode ID: 42de15237a213d44223ebd833c4df5f098df34b0787ac9d39a2d3eb57667bed4
                                                                • Instruction ID: 418fc56c625e7e527b08a6ea3fbd6d6e18f9eeafae2bcaeb17558fdeb699b784
                                                                • Opcode Fuzzy Hash: 42de15237a213d44223ebd833c4df5f098df34b0787ac9d39a2d3eb57667bed4
                                                                • Instruction Fuzzy Hash: 94217F11A9CE4791EE219B3DE94137A2360BF8ABE5F401235DB5E472E6DF2CE5078708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: 4b12f555bacad9522f59093536ead85a57240267a6d3aa3ff40fce1b0501a7e8
                                                                • Instruction ID: f1592847a17c4f7ad6699687d5730b18f203e298f2dfef28c3e49d726d8293ff
                                                                • Opcode Fuzzy Hash: 4b12f555bacad9522f59093536ead85a57240267a6d3aa3ff40fce1b0501a7e8
                                                                • Instruction Fuzzy Hash: 1631C0B5A08B4782E7A09B5DB86857433A4BB48BC6F444436DA6D47B68DF3CF4538708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: 1860a7d5ba5a0637c41751a3ce46a500ea5aac3d17db15aaa5db88cbc2a32e66
                                                                • Instruction ID: bdfa7352180488b9b9873f9230e59fce7c25450dfc09496e70b6ec646d2e7d6c
                                                                • Opcode Fuzzy Hash: 1860a7d5ba5a0637c41751a3ce46a500ea5aac3d17db15aaa5db88cbc2a32e66
                                                                • Instruction Fuzzy Hash: 5831E6F5E09B4A82E7909B19B86857433A4BF08BD2F404436DA6D47B64EF3CB552C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: 3f2332356931184e6501015defa88c1d245f7b25bfe9b71bbf2c72ea6a00fa8a
                                                                • Instruction ID: b793b54154ad411e68381524b35da95cacd87e7dafe0ca6975f1b26b1ce2c2e8
                                                                • Opcode Fuzzy Hash: 3f2332356931184e6501015defa88c1d245f7b25bfe9b71bbf2c72ea6a00fa8a
                                                                • Instruction Fuzzy Hash: 3E31C2B5A08B4782FBA09F09E8A826423A5BF087C2F440535DA2D07A64DF3CB456C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: faebbaeb77ca0f4f516b262e93004c19f89b7d84595a6b1439bf542028db819b
                                                                • Instruction ID: 4d94f111ff83de5edb6d6f92c6065dd5299d4331b985e83dee05609b0ea73d66
                                                                • Opcode Fuzzy Hash: faebbaeb77ca0f4f516b262e93004c19f89b7d84595a6b1439bf542028db819b
                                                                • Instruction Fuzzy Hash: 6E21E4F5E08B4386FB909F09A8B817423A5BF09BD2F441439DA2D07B64EF3CB5568348
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: 75194c0cbc9a507f0b92e1b34c94570ff1e2da8f97792c352aaccb42d87fe693
                                                                • Instruction ID: f7f9cb9d34c95b38cc4db0b0a8e30787e92a91241db2411df824ba6a750aea7a
                                                                • Opcode Fuzzy Hash: 75194c0cbc9a507f0b92e1b34c94570ff1e2da8f97792c352aaccb42d87fe693
                                                                • Instruction Fuzzy Hash: D921C6F5E09B5782EBA19F09B86817423A5BF04BC2F444435DA2D07B64DF3CB5568748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: ecdd50443da1972dac5f7d239e36a52e9dfd88a895bebb8cd24304ee5dc28952
                                                                • Instruction ID: b62df1b10067307eebfee21f04443c810c5bf24e3330c929650fe91214e404d4
                                                                • Opcode Fuzzy Hash: ecdd50443da1972dac5f7d239e36a52e9dfd88a895bebb8cd24304ee5dc28952
                                                                • Instruction Fuzzy Hash: 9F21D4F5E08B4282FBA19B19B8AC1B422A5BF04BD2F445439CA2D07B64DF3CB5568348
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: a16e5229b7237972c2ee806c9dd78c651fb2e9dfacde5010816b5e6c7d31e686
                                                                • Instruction ID: a094998c1477cfa030a20be3b68b9414a47cef23618e528bb866ea2578722fdc
                                                                • Opcode Fuzzy Hash: a16e5229b7237972c2ee806c9dd78c651fb2e9dfacde5010816b5e6c7d31e686
                                                                • Instruction Fuzzy Hash: 8F21F6F5E09B4782FBA49F19B82827423A9BF04BC2F441435DA6D07A64DF3CB516C348
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: e4eff726a2b882ab3716e79be69498aa5b1f0e510f484dcc5ac300c35e7575a4
                                                                • Instruction ID: f261f3ac455f07cfeb475f1c97a42f3ec4ba745f51c274fa5c630f0bb0a016de
                                                                • Opcode Fuzzy Hash: e4eff726a2b882ab3716e79be69498aa5b1f0e510f484dcc5ac300c35e7575a4
                                                                • Instruction Fuzzy Hash: 1221D4F5E09B5782FBA19F1DA86827422A5BF08BD2F444435DA2D07A64DF3CB512C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$AttrObject_PackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4195104747-217463007
                                                                • Opcode ID: ee343125aa57c54faf244a34e48bc46db9da3b9588f8e1c1ef8b5bbee5cf8946
                                                                • Instruction ID: a861566108f4c2fe98664e1e51ed8efef312d05c7eb24495d76fc16babd59225
                                                                • Opcode Fuzzy Hash: ee343125aa57c54faf244a34e48bc46db9da3b9588f8e1c1ef8b5bbee5cf8946
                                                                • Instruction Fuzzy Hash: 6721E7F5E09B4682FBA19F1DB8681B423A5BF04BD2F484435CA2D07B64DF3CB5568748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>$>
                                                                • API String ID: 4228545439-4024159097
                                                                • Opcode ID: 4e122b1be13b90b9fde975fa5c7cafe2c707fcb1664262955b8b1ef10f53763c
                                                                • Instruction ID: 64fbd3dfcb0e2d61d08dab0815796049e30c81a54a27ec73885bd0e199b151bf
                                                                • Opcode Fuzzy Hash: 4e122b1be13b90b9fde975fa5c7cafe2c707fcb1664262955b8b1ef10f53763c
                                                                • Instruction Fuzzy Hash: A001E5E6A09A1382FBA55F1CE8682792261AF44BD3F445035DB2E07794DF3DB8838308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: D_do_all_providedDeallocFrozenModule_ObjectSet_
                                                                • String ID: openssl_md_meth_names
                                                                • API String ID: 4100423519-1600430994
                                                                • Opcode ID: 5b6e10f2f0a00b63709425fc6a0d031263158d93ab584c08f44f7e0f9b367ce1
                                                                • Instruction ID: 7b874dbe27c7516141baff5dfb00be1fb67acb398a75d2b86e910220fceb80db
                                                                • Opcode Fuzzy Hash: 5b6e10f2f0a00b63709425fc6a0d031263158d93ab584c08f44f7e0f9b367ce1
                                                                • Instruction Fuzzy Hash: 91011A35A0DF8282EA244F69A8452BB63B0FF4C7E8F442135DB4E426A0DF7EE15D8740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_$Err_ExceptionObjectState
                                                                • String ID: UnsupportedDigestmodError$_hashlib.UnsupportedDigestmodError
                                                                • API String ID: 2341384915-1819944972
                                                                • Opcode ID: 8d7e47158559cdaf1961b8e5f2372ac4fa5e889ca1a750e22932b2a78fd80280
                                                                • Instruction ID: 99b35d3efac605fec9a16e8f4ede2b451d38402f132b0b580cb3832ab1b7fb3d
                                                                • Opcode Fuzzy Hash: 8d7e47158559cdaf1961b8e5f2372ac4fa5e889ca1a750e22932b2a78fd80280
                                                                • Instruction Fuzzy Hash: C9F01D61709F8282EA158F2EE44517A23B0EF0CBE4B546235EF1E467A4DF2DE5988740
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174014272.00007FF8B9061000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9060000, based on PE: true
                                                                • Associated: 00000003.00000002.2173996919.00007FF8B9060000.00000002.00000001.01000000.0000000E.sdmp
                                                                • Associated: 00000003.00000002.2174033510.00007FF8B9062000.00000002.00000001.01000000.0000000E.sdmp
                                                                • Associated: 00000003.00000002.2174052648.00007FF8B9064000.00000002.00000001.01000000.0000000E.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b9060000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Import$Capsule_DeallocImport_Module
                                                                • String ID: charset_normalizer.md__mypyc$charset_normalizer.md__mypyc.init_charset_normalizer___md
                                                                • API String ID: 1394619730-824592145
                                                                • Opcode ID: 7acd460ead8a0415d8ca6a34401a615caf6aaf7cbb401ab06b18a46d6c3284b6
                                                                • Instruction ID: 21b1aeb1ba3e954439f2444968171c7dc3f04a597076cac398ad7b93fed5f145
                                                                • Opcode Fuzzy Hash: 7acd460ead8a0415d8ca6a34401a615caf6aaf7cbb401ab06b18a46d6c3284b6
                                                                • Instruction Fuzzy Hash: FAE0E521E0E6C2C5FE99DF2D9C4427432A4AFA8B80F858434C70D862A1EF7CE59B8710
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocFromLong_Ssize_t$BoolCompareObject_Rich
                                                                • String ID:
                                                                • API String ID: 4107546884-0
                                                                • Opcode ID: 48720d78ba32745252a3d04257a9edec78878515a75e68daf766dae4164bca8c
                                                                • Instruction ID: 7c3276ae3d6815b8400f24116d01abc7604a7aa1b339e892320c32cf15f07805
                                                                • Opcode Fuzzy Hash: 48720d78ba32745252a3d04257a9edec78878515a75e68daf766dae4164bca8c
                                                                • Instruction Fuzzy Hash: 8D214FB2A0865352E7B45F2D992C3386290AF45BF1F484A30EB39467D8DF2CF8528B04
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Arg_DeallocErr_IndexKeywordsLong_Number_OccurredSsize_tUnpack
                                                                • String ID:
                                                                • API String ID: 2202598743-0
                                                                • Opcode ID: 502dd0dfe24ab60e842bf1a2f6b32b2ae5cc06be7c8f8d54d9e2ba460c1497fc
                                                                • Instruction ID: 3b958894cce37894690965d3e2f43475f3c28fd852c57580648c884131f16eb0
                                                                • Opcode Fuzzy Hash: 502dd0dfe24ab60e842bf1a2f6b32b2ae5cc06be7c8f8d54d9e2ba460c1497fc
                                                                • Instruction Fuzzy Hash: 47211B31A0DF8281EA548F19A44427A62A1BF4DBE4F586234EF6E067D5EF7CE5198700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Arg_DeallocErr_IndexKeywordsLong_Number_OccurredSsize_tUnpack
                                                                • String ID:
                                                                • API String ID: 2202598743-0
                                                                • Opcode ID: 116d2d3ca40361578d9d1c7930a1da52d128bd085d65b0db78c617fbe96dbb94
                                                                • Instruction ID: ad822d26ebf77e53e65819e8991ca9520321205c2c39c1cc6f3dd7dedcdfe780
                                                                • Opcode Fuzzy Hash: 116d2d3ca40361578d9d1c7930a1da52d128bd085d65b0db78c617fbe96dbb94
                                                                • Instruction Fuzzy Hash: 01211D31A0DF8282EA509F19A88427A62A0BF4DBE0F485334DF6E067D5DF3CE5098700
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc
                                                                • String ID:
                                                                • API String ID: 3617616757-0
                                                                • Opcode ID: 02352599f705a3241e88950aa0469c59beaf4792bcb6d3889a9a60b667567bda
                                                                • Instruction ID: 65cc16cca1d31cd186b0ff73ae71ce279f033208609177d495ffbb0632edccfc
                                                                • Opcode Fuzzy Hash: 02352599f705a3241e88950aa0469c59beaf4792bcb6d3889a9a60b667567bda
                                                                • Instruction Fuzzy Hash: 2E31C8B6909A0182E7B56F3CA46C37832A4EB44BB9F145734CB39451D5CF7EB8868B0C
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Module_State
                                                                • String ID:
                                                                • API String ID: 3434497292-0
                                                                • Opcode ID: db67306de73857620c4aba995a460db50807d40a919903c7b44c58eb7544d94b
                                                                • Instruction ID: da2f96a446c7888743511e8c60114bb43b1933f6e8ef4721ac881c668e549b93
                                                                • Opcode Fuzzy Hash: db67306de73857620c4aba995a460db50807d40a919903c7b44c58eb7544d94b
                                                                • Instruction Fuzzy Hash: 0F21D777D9EE0685FB6B4F79E85833A22A0AF49B89F184434C70E46190CF7DA4468359
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                • String ID:
                                                                • API String ID: 3074927763-0
                                                                • Opcode ID: 827b1114b3bde6b7782323d29114232b68231d63ae6a03841d0d76945457bef3
                                                                • Instruction ID: aa78aeb93284fc20430924a92744cffd5bf36ba5c83e6839d15e8b6ab9079e9c
                                                                • Opcode Fuzzy Hash: 827b1114b3bde6b7782323d29114232b68231d63ae6a03841d0d76945457bef3
                                                                • Instruction Fuzzy Hash: BFF012A5B0864382EBA55B5BB96C1395265BF48FD6F485034CB2D07618DF2CE456C704
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.SuperWeirdWordPlugin$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-371468285
                                                                • Opcode ID: 98918f0986896f26525c7bd9e5b43f4031bd6749c4d76523467727f76d4c2467
                                                                • Instruction ID: a6eea38f8bd39376cdf716c4b80a555e8e347c2423c228a87e81b14347eeca4f
                                                                • Opcode Fuzzy Hash: 98918f0986896f26525c7bd9e5b43f4031bd6749c4d76523467727f76d4c2467
                                                                • Instruction Fuzzy Hash: 6C4129B2A08B4182E7A4CF29E85836973A0FB48BC8F544135CB5C47768EF7DE496C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.ArchaicUpperLowerPlugin$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-353558827
                                                                • Opcode ID: d9e477cc0f5dbe889ee029430d6b8f0b420a3cfa5d140793ed0a56d7501aa99d
                                                                • Instruction ID: e5f002b492f12761b54be50394da1e54128bc0ced73fde69a7e47471f422ae00
                                                                • Opcode Fuzzy Hash: d9e477cc0f5dbe889ee029430d6b8f0b420a3cfa5d140793ed0a56d7501aa99d
                                                                • Instruction Fuzzy Hash: 25313DB2608B4186E7A08F2DE86836973A4FB48BC8F540435DB5C47759EF7DE852C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.TooManySymbolOrPunctuationPlugin$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-3280324660
                                                                • Opcode ID: a1ddc10de017addce63480acb8cb0cb49846706b3ca5f678430c59beec134696
                                                                • Instruction ID: d85e50e230260203bf6698b45129eb57ed3896cc880832193e232cbc30e551c4
                                                                • Opcode Fuzzy Hash: a1ddc10de017addce63480acb8cb0cb49846706b3ca5f678430c59beec134696
                                                                • Instruction Fuzzy Hash: FB314BB1A09A4286E7A08F2DE86836573A4FB48BC8F540435CB5C47758DF3DE852C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.SuspiciousRange$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-880397153
                                                                • Opcode ID: 49407b564c236b4001e082ae6d16e11313c9b7c79a02ae8e4e4803c904df55db
                                                                • Instruction ID: 4b57ffcc003531e8fb833e916f32aa28da01a8e6c85b77fc25e08c7f3c5bdaa9
                                                                • Opcode Fuzzy Hash: 49407b564c236b4001e082ae6d16e11313c9b7c79a02ae8e4e4803c904df55db
                                                                • Instruction Fuzzy Hash: 1C3152B1A08A4186EBA0DF1DE46826573A0FF48BC4F544435CB5C47758DF3DE552C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.SuspiciousDuplicateAccentPlugin$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-1506521901
                                                                • Opcode ID: c9011ee015d9b478a68b666d2386e0bc45b2be7c5bf24e43dd3277610430b050
                                                                • Instruction ID: 62ef7a72ab4a677c497c776a5664d69e428e0549ab7cf3ab38b31fb5521e64ec
                                                                • Opcode Fuzzy Hash: c9011ee015d9b478a68b666d2386e0bc45b2be7c5bf24e43dd3277610430b050
                                                                • Instruction Fuzzy Hash: 3E3170B1A08A4286E7A0DF1DE86826573A0FF48BC4F940431CB5C47758EF3DE952C708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.CjkInvalidStopPlugin$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-2610960353
                                                                • Opcode ID: 76a7a677629842859978aaa54d4c908ac2703a6c097ce1729baa8608753adc48
                                                                • Instruction ID: 9697d7a6a8d9bbbea52f2bce1d1153c5c90eee698bd0a6bbe3f1539bf2b91b4d
                                                                • Opcode Fuzzy Hash: 76a7a677629842859978aaa54d4c908ac2703a6c097ce1729baa8608753adc48
                                                                • Instruction Fuzzy Hash: 64312FB1A09A4282EBA0DF1DE86826563A0FB48BC8F544432DB6C47758EF3DE552C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.TooManyAccentuatedPlugin$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-2999409259
                                                                • Opcode ID: 46a8908cafe4df30933cc1bf2f0944172b9d1b0b9ac90932bbe1890628880787
                                                                • Instruction ID: e7eb68b5fa5cbe919005c9fea7e3061d07c1470c8fbfc98ff06431419c255a70
                                                                • Opcode Fuzzy Hash: 46a8908cafe4df30933cc1bf2f0944172b9d1b0b9ac90932bbe1890628880787
                                                                • Instruction Fuzzy Hash: 183184B1A08A0282EBA0CF1DE82826573A1FF48BC4F540431DB5C47768EF3DE952C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.ArabicIsolatedFormPlugin$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-1141011871
                                                                • Opcode ID: b59ea239b0ded2da1d7d86f123c67e001364e70b8c495ebd1fe9a254676c74a7
                                                                • Instruction ID: f4a98439801daf4e2343ac8960be2c13f6d01a466889cc7a6723c734c48749a7
                                                                • Opcode Fuzzy Hash: b59ea239b0ded2da1d7d86f123c67e001364e70b8c495ebd1fe9a254676c74a7
                                                                • Instruction Fuzzy Hash: 2E312FB1A09B4682EBA09F2DE86826563A0FF48BC8F544431DF5C47768EF3DE552C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: __init__$charset_normalizer.md.UnprintablePlugin$interpreted classes cannot inherit from compiled
                                                                • API String ID: 1450464846-116036081
                                                                • Opcode ID: 571f9f9e96768ffb2ac53c4efc93ddbf52cbfab833ec0306282c52c0bf4d27d3
                                                                • Instruction ID: ff34f55d84260870a65fc483738a920f0bca6556bf7eaf9384ab875b86c9dc37
                                                                • Opcode Fuzzy Hash: 571f9f9e96768ffb2ac53c4efc93ddbf52cbfab833ec0306282c52c0bf4d27d3
                                                                • Instruction Fuzzy Hash: 903123B1A08A5282E7A0DB1DE46827563A0FF48BC8F544431DB5C47B58EF7DE952C748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: SubtypeType_
                                                                • String ID: charset_normalizer.md.MessDetectorPlugin$eligible$str
                                                                • API String ID: 2891779845-1291782451
                                                                • Opcode ID: 7f0862f8ed2a2bf7f8ea4440bfcb9bd23f6d9e60511077b2f04859b75fbf1be2
                                                                • Instruction ID: a967a249d3a52d20616184ad89c3b342f8f9226278d0752da755d492799503ac
                                                                • Opcode Fuzzy Hash: 7f0862f8ed2a2bf7f8ea4440bfcb9bd23f6d9e60511077b2f04859b75fbf1be2
                                                                • Instruction Fuzzy Hash: BB118EE5B0864682EBB0AF5DE8A81B563A0AF45BC1F844032CB1D47794DF2CE857C708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_String
                                                                • String ID: 'SuspiciousRange' object attribute '_last_printable_seen' cannot be deleted$str or None
                                                                Similarity
                                                                • API ID: DeallocErr_String
                                                                • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_last_printable_char' cannot be deleted$str or None
                                                                Similarity
                                                                • API ID: DeallocErr_String
                                                                • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_last_latin_character' cannot be deleted$str or None
                                                                Similarity
                                                                • API ID: DeallocErr_String
                                                                • String ID: 'ArchaicUpperLowerPlugin' object attribute '_last_alpha_seen' cannot be deleted$str or None
                                                                Similarity
                                                                • API ID: SubtypeType_
                                                                • String ID: charset_normalizer.md.MessDetectorPlugin$feed$str
                                                                Similarity
                                                                • API ID: DeallocErr_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_buffer' cannot be deleted$str
                                                                Similarity
                                                                • API ID: DeallocErr_FormatMethodObject_Vectorcall
                                                                • String ID: bool$eligible
                                                                Similarity
                                                                • API ID: DeallocErr_FormatMethodObject_Vectorcall
                                                                • String ID: bool$eligible
                                                                Similarity
                                                                • API ID: DeallocErr_FormatMethodObject_Vectorcall
                                                                • String ID: bool$eligible
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4228545439-217463007
                                                                • Opcode ID: 24728f44ecafede275bfe5869a5481c6ada5958cbf93234a040fc8aef190d785
                                                                • Instruction ID: a8a2c39905e7c8301af1eedce25d645d69b2741a3e93610ec07d52f9b00cff6d
                                                                • Opcode Fuzzy Hash: 24728f44ecafede275bfe5869a5481c6ada5958cbf93234a040fc8aef190d785
                                                                • Instruction Fuzzy Hash: A00108E6A09A4383F7959F1DE86827422A1AF44BD6F544035DB2E076A4DF6DF983C308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4228545439-217463007
                                                                • Opcode ID: 097e68ef3b6926ae97075bdf610a732ab01175073ea4774d168167745da7d900
                                                                • Instruction ID: 0b0faf65c3a7652e5ec09606b82eb5a9c56a78bb06c20c115208748d2b740468
                                                                • Opcode Fuzzy Hash: 097e68ef3b6926ae97075bdf610a732ab01175073ea4774d168167745da7d900
                                                                • Instruction Fuzzy Hash: 260108E6A09A0383F7915F5CE8682782261AF48BD3F445135DB2D077A4DF2DF9828748
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4228545439-217463007
                                                                • Opcode ID: 5d81bad33af6d0c6a6d34ccc316adc70e06c6ff90d8471e672fe39720f4c7cf5
                                                                • Instruction ID: 18d4dd5591fd937b0acd0e0d313b4dacdc7fa679194e92696b1b5d7fadd5f7d6
                                                                • Opcode Fuzzy Hash: 5d81bad33af6d0c6a6d34ccc316adc70e06c6ff90d8471e672fe39720f4c7cf5
                                                                • Instruction Fuzzy Hash: 650108E6E09A4783F7A55F1DE8682742361AF08BD6F444035DB2D07AA4DF2DF8828308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$Object_Vectorcall
                                                                • String ID: <module>
                                                                • API String ID: 1057673266-217463007
                                                                • Opcode ID: d65abae93356dae59a4a840aaf2a40b004717b6640a575e0a43327181c576cc2
                                                                • Instruction ID: 8eace986fe8f5551e0b8d0501047ba078d0bc287750ba1cbb61ec0d43d09972e
                                                                • Opcode Fuzzy Hash: d65abae93356dae59a4a840aaf2a40b004717b6640a575e0a43327181c576cc2
                                                                • Instruction Fuzzy Hash: 63F062B6E0969243E7E15F29A8282B9A255BB40BD2F408031CF5906E54DF2CB5468744
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Object_$DeallocErr_$ArgsAttrCallInstanceObjectOccurred
                                                                • String ID: ratio
                                                                • API String ID: 1598006454-4234197119
                                                                • Opcode ID: 35d559fc8b1310c0c6a435b23598347e2ea6a62b98f84bba43c18296abc6ca69
                                                                • Instruction ID: 3c19b8a39f597a333bbf150773815fffde6543ebd959adbb492de3ea8071b1d9
                                                                • Opcode Fuzzy Hash: 35d559fc8b1310c0c6a435b23598347e2ea6a62b98f84bba43c18296abc6ca69
                                                                • Instruction Fuzzy Hash: 130112A5E09A0782FBF56B6DA82C13513A0AF44BD6F445031CB1D06654EF3CF583870C
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_Format
                                                                • String ID: %s object expected; and errored formatting real type!$%s object expected; got %U
                                                                • API String ID: 376477240-2630277986
                                                                • Opcode ID: 45f3feeb58d62d7b61bd12d7106d8e4dcb9e7cfdec48858d2051b2ab1d508661
                                                                • Instruction ID: 0ef0cfa8c8043673b5e92fbdfc2abaff328c965f1dad602ec42762d34eb22b9e
                                                                • Opcode Fuzzy Hash: 45f3feeb58d62d7b61bd12d7106d8e4dcb9e7cfdec48858d2051b2ab1d508661
                                                                • Instruction Fuzzy Hash: 61F04FA5E08A4282EBA55F6EF9681782360FF48BC5F449035DB1D07659EF6CE9428B08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_md
                                                                • String ID: <%U %s object @ %p>
                                                                • API String ID: 943899189-1790359138
                                                                • Opcode ID: 9f7b70b6b8ecfc333987d524ab7914dd87c70ca19ee3da7306d6766e0e11ebb0
                                                                • Instruction ID: c01ddd0fb271a5f5b1b742d0b43a376127f0c28f6527e7a6cb481bc41923eab0
                                                                • Opcode Fuzzy Hash: 9f7b70b6b8ecfc333987d524ab7914dd87c70ca19ee3da7306d6766e0e11ebb0
                                                                • Instruction Fuzzy Hash: 3CF0F921A09FC681EA158F5AE9541BA63B0AF4CFD4F146035DF0E077A5DE3CE4498380
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocDict_ItemPackTuple_
                                                                • String ID: <module>
                                                                • API String ID: 4228545439-217463007
                                                                • Opcode ID: 6d3c8ef61b1ce4c915580a507c35e2098bc8d2d339069acd415264474d36893f
                                                                • Instruction ID: 9fe5949b4b4bbb06f3079481b0d7935da7904601ca076062643184cc4b557e1c
                                                                • Opcode Fuzzy Hash: 6d3c8ef61b1ce4c915580a507c35e2098bc8d2d339069acd415264474d36893f
                                                                • Instruction Fuzzy Hash: BEF017E6E09A1383F7A15F6CF86C2792251AF00BD3F404035CB2D06A95EF6DB9878348
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
                                                                • String ID: <%U HMAC object @ %p>
                                                                • API String ID: 454943875-749664232
                                                                • Opcode ID: 0d4bdb5b06a2dbfaae990030b257bae755d07f20d5685c5c31eb3ea24569f58d
                                                                • Instruction ID: 718b1ff6e9e52da716654daa534a5b56fe85cee97553bb610eb5e58d45f803dd
                                                                • Opcode Fuzzy Hash: 0d4bdb5b06a2dbfaae990030b257bae755d07f20d5685c5c31eb3ea24569f58d
                                                                • Instruction Fuzzy Hash: 88F0FE21A19F8381EA155F1AFD5417A62B0AF4CFD5F086434DF1E067A6DE3CE4898740
                                                                APIs
                                                                • PyLong_AsUnsignedLongLong.PYTHON312(?,?,00000006,00007FF8B8B30CFC), ref: 00007FF8B8B31E89
                                                                • PyErr_Occurred.PYTHON312(?,?,00000006,00007FF8B8B30CFC), ref: 00007FF8B8B31E92
                                                                • PyErr_SetString.PYTHON312(?,?,00000006,00007FF8B8B30CFC), ref: 00007FF8B8B3607B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for uint32_t type
                                                                • API String ID: 944333170-1712686559
                                                                • Opcode ID: beb8bb3f21a158d48b7ae8f5362e1cc07ff4e792364f621d751ee79adeb98e45
                                                                • Instruction ID: 6b08d8de7aa6811afa3b03a9efb10db1a8cf88a109479a2f1adc50ea06d7e06b
                                                                • Opcode Fuzzy Hash: beb8bb3f21a158d48b7ae8f5362e1cc07ff4e792364f621d751ee79adeb98e45
                                                                • Instruction Fuzzy Hash: EFF05820B5CA0395EF005B39E8841382364EF88BC9F089035EB1E4A321DF7DE4868308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for lzma_mode type
                                                                • API String ID: 944333170-1290617251
                                                                • Opcode ID: c75928b8bcefc147294998117d43192376e487e7008253cef88493b04ebec458
                                                                • Instruction ID: 71c2e1140c2857e3dd5ecba5e7918ef590248578ec6dbda487d8e19d6c70feef
                                                                • Opcode Fuzzy Hash: c75928b8bcefc147294998117d43192376e487e7008253cef88493b04ebec458
                                                                • Instruction Fuzzy Hash: 68F01C25B58A47D2EF504F3AF8841386360AF49BC5F595438DB0E46368DF3CF4969709
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_Long$Long_OccurredStringUnsigned
                                                                • String ID: Value too large for lzma_match_finder type
                                                                • API String ID: 944333170-1161044407
                                                                • Opcode ID: 9914e4eca75eb01d789d50a663b97705113751f3ba4ec09a09449ef1f848119f
                                                                • Instruction ID: c72fa3347cd9e65a5ecb644470a1a106ce735651182cde09b555199eeba4c5fa
                                                                • Opcode Fuzzy Hash: 9914e4eca75eb01d789d50a663b97705113751f3ba4ec09a09449ef1f848119f
                                                                • Instruction Fuzzy Hash: 64F05221E48A0782EF104F3AF98013963A0AF49BC5F084038CB4E0A361DF3CE89A9308
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: D_get_typeDeallocFormatFromJ_nid2lnUnicode_X_get_md
                                                                • String ID: hmac-%U
                                                                • API String ID: 454943875-3757664071
                                                                • Opcode ID: e00e0e3559910fc3aaf9526df755fc01e628217c4aefd3fe0e336973487d7e71
                                                                • Instruction ID: c2cc2172628907c300a9ce31f029a67796b52896a331a1f6885e5fe4a3bb24c1
                                                                • Opcode Fuzzy Hash: e00e0e3559910fc3aaf9526df755fc01e628217c4aefd3fe0e336973487d7e71
                                                                • Instruction Fuzzy Hash: D2F0F825A19F9381EA159F2BE99417A63B0BF5CBD0F482430DE0E0A7A5DF3CE4498741
                                                                APIs
                                                                • PyType_GetModuleState.PYTHON312(?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B283C1
                                                                  • Part of subcall function 00007FF8B8B32574: PyBytes_FromStringAndSize.PYTHON312(?,?,?,00007FF8B8B283DB,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B325AB
                                                                  • Part of subcall function 00007FF8B8B32574: PyList_New.PYTHON312(?,?,?,00007FF8B8B283DB,?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B325BE
                                                                • PyEval_SaveThread.PYTHON312(?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B283E8
                                                                • PyEval_RestoreThread.PYTHON312(?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B28401
                                                                • _Py_Dealloc.PYTHON312(?,?,?,00000000,?,?,?,00007FF8B8B28041), ref: 00007FF8B8B284C1
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Eval_Thread$Bytes_DeallocFromList_ModuleRestoreSaveSizeStateStringType_
                                                                • String ID:
                                                                • API String ID: 2935988267-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc$BoolCompareObject_Rich
                                                                • String ID:
                                                                • API String ID: 74976934-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Dealloc
                                                                • String ID:
                                                                • API String ID: 3617616757-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocFreeMem_Thread_free_lock
                                                                • String ID:
                                                                • API String ID: 2783890233-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_MemoryX_new
                                                                • String ID:
                                                                • API String ID: 1734961617-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174014272.00007FF8B9061000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9060000, based on PE: true
                                                                • Associated: 00000003.00000002.2173996919.00007FF8B9060000.00000002.00000001.01000000.0000000E.sdmp
                                                                • Associated: 00000003.00000002.2174033510.00007FF8B9062000.00000002.00000001.01000000.0000000E.sdmp
                                                                • Associated: 00000003.00000002.2174052648.00007FF8B9064000.00000002.00000001.01000000.0000000E.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b9060000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                • String ID:
                                                                • API String ID: 2933794660-0
                                                                APIs
                                                                • HMAC_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C5569
                                                                  • Part of subcall function 00007FF8B93C6388: PyThread_acquire_lock.PYTHON312(?,?,?,00007FF8B93C5582), ref: 00007FF8B93C63A8
                                                                  • Part of subcall function 00007FF8B93C6388: PyEval_SaveThread.PYTHON312(?,?,?,00007FF8B93C5582), ref: 00007FF8B93C63B2
                                                                  • Part of subcall function 00007FF8B93C6388: PyThread_acquire_lock.PYTHON312(?,?,?,00007FF8B93C5582), ref: 00007FF8B93C63C4
                                                                  • Part of subcall function 00007FF8B93C6388: PyEval_RestoreThread.PYTHON312(?,?,?,00007FF8B93C5582), ref: 00007FF8B93C63CD
                                                                  • Part of subcall function 00007FF8B93C6388: HMAC_CTX_copy.LIBCRYPTO-3(?,?,?,00007FF8B93C5582), ref: 00007FF8B93C63DA
                                                                  • Part of subcall function 00007FF8B93C6388: PyThread_release_lock.PYTHON312(?,?,?,00007FF8B93C5582), ref: 00007FF8B93C63EB
                                                                • HMAC_CTX_free.LIBCRYPTO-3 ref: 00007FF8B93C5589
                                                                • _PyObject_New.PYTHON312 ref: 00007FF8B93C55A6
                                                                • HMAC_CTX_free.LIBCRYPTO-3 ref: 00007FF8B93C55B4
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Eval_ThreadThread_acquire_lockX_free$Object_RestoreSaveThread_release_lockX_copyX_new
                                                                • String ID:
                                                                • API String ID: 601750000-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Object_$ArgsCallDeallocErr_InstanceObject
                                                                • String ID:
                                                                • API String ID: 469999563-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: D_get_typeJ_nid2lnJ_nid2snX_md
                                                                • String ID:
                                                                • API String ID: 3802060142-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocErr_MemoryObject_X_new
                                                                • String ID:
                                                                • API String ID: 30467670-0
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: FreeObject_Thread_free_lockX_free
                                                                • String ID:
                                                                • API String ID: 3834077558-0
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Object_Unicode_
                                                                • String ID: gfffffff
                                                                • API String ID: 3285369508-1523873471
                                                                • Opcode ID: 01e85d9c1bd3d17e433c8fb88ec89fd76347e07627257ce4696b6525bbbdcfea
                                                                • Instruction ID: 3614f5b34733948afd0523392caeea3a635b8cc7bc14e5d15b43ef4426b2b42c
                                                                • Opcode Fuzzy Hash: 01e85d9c1bd3d17e433c8fb88ec89fd76347e07627257ce4696b6525bbbdcfea
                                                                • Instruction Fuzzy Hash: FF4117E2B0878583EB609B1AF4253A96B90EB61BD0F442131DB5E47795DF3CF542CB41
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C31CB
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C321B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: sha3_512
                                                                • API String ID: 668498394-1707686796
                                                                • Opcode ID: 394ea8788f6f85e1edd4456430980528131de45713a38101526d183dac21f1a9
                                                                • Instruction ID: 2223378437b75bb86324be7c1867debc7f92192eb6fdf5f49b83a3acd2d557e1
                                                                • Opcode Fuzzy Hash: 394ea8788f6f85e1edd4456430980528131de45713a38101526d183dac21f1a9
                                                                • Instruction Fuzzy Hash: 4F21BB32B0DF818AEA609F1AE8042AA62B4FB4CBC4F195131DF4E43758DF7DE9498740
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C30EB
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C313B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: sha224
                                                                • API String ID: 668498394-4253541148
                                                                • Opcode ID: ae775b62807cd303b11be3d9a967453d4376948783c3efc71a448c11541c685f
                                                                • Instruction ID: 3e64340f5282706e61a2ad472cb4a0208f22e8e330713837da8f8bbfd15ef9ce
                                                                • Opcode Fuzzy Hash: ae775b62807cd303b11be3d9a967453d4376948783c3efc71a448c11541c685f
                                                                • Instruction Fuzzy Hash: B4216A32A0DF9186EA608F1AA8446AAA2B4FB8CBC4F095131DF4E43758DF7DD5498B00
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C2C8B
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C2CDB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: sha256
                                                                • API String ID: 668498394-1556616439
                                                                • Opcode ID: 73fd627af69da370b307076915e9fb8e18a19cf420d9714ac5034c5486291719
                                                                • Instruction ID: fc8f8fb193a146c4b70f72a13a22aebaceae58a0b751e27dffb3a8f8844234b5
                                                                • Opcode Fuzzy Hash: 73fd627af69da370b307076915e9fb8e18a19cf420d9714ac5034c5486291719
                                                                • Instruction Fuzzy Hash: D5219D76A08F8186EA608F0AE48066A63A4FF58BC4F189130EF4E43754DF7CD5488700
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C338B
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C33DB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: sha3_256
                                                                • API String ID: 668498394-59190292
                                                                • Opcode ID: c8177f4cfc81247b32388ba64899f21b89cef79004ceb599a0cf96bad0e88251
                                                                • Instruction ID: 5b8fc8ef381965863d574a33950e8caadf062109d42728a4b7918e799151d77b
                                                                • Opcode Fuzzy Hash: c8177f4cfc81247b32388ba64899f21b89cef79004ceb599a0cf96bad0e88251
                                                                • Instruction Fuzzy Hash: 6921A932A0CF8286EA608F5AE4042AA62B4FB4CBC4F185130EF4E43754DF3DE9498700
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C32AB
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C32FB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: sha3_384
                                                                • API String ID: 668498394-1508202818
                                                                • Opcode ID: 027ef7a297f99fb45c87206d088d9c4369d164f3ded2941d8c0b4108ab76135d
                                                                • Instruction ID: f5b8893a70e8d54e7492fb7c1f858209cb55c01fdccc2b3adcc760c76abb6d78
                                                                • Opcode Fuzzy Hash: 027ef7a297f99fb45c87206d088d9c4369d164f3ded2941d8c0b4108ab76135d
                                                                • Instruction Fuzzy Hash: 92217522A0DF8182EE608F5AE4046AAA2B4FB48BC4F185130DE4E43B44EF3DE9498740
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C2E4B
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C2E9B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: sha1
                                                                • API String ID: 668498394-858918954
                                                                • Opcode ID: 407b9ba08e0551f60fc7207ed369db5e68ada242d4117b9baa024dee99a9520a
                                                                • Instruction ID: 1b609169253b44d2e0e20b40bde3bb8854cbb9089ccb2c5163a6a1781bff758c
                                                                • Opcode Fuzzy Hash: 407b9ba08e0551f60fc7207ed369db5e68ada242d4117b9baa024dee99a9520a
                                                                • Instruction Fuzzy Hash: C2218E72A08F8186EA619F2AE48466A62B4FF4CBC4F485130DF4E53754DF7DE9498B40
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C354B
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C359B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: shake_256
                                                                • API String ID: 668498394-3942869344
                                                                • Opcode ID: 85f432f44a17908e46debf10400737810314f4c286a22ee97b763c31f9ea1044
                                                                • Instruction ID: e1612c2542fa1f06b28d3bd69a587d0d76ef57f9c1f1624b15b3d891497faddd
                                                                • Opcode Fuzzy Hash: 85f432f44a17908e46debf10400737810314f4c286a22ee97b763c31f9ea1044
                                                                • Instruction Fuzzy Hash: F0216A72A0DF8186EA608F0AA4446AAA2B4FF4CBD4F485130DF4D43755EF7DF5498B00
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C2D6B
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C2DBB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: md5
                                                                • API String ID: 668498394-3899452385
                                                                • Opcode ID: e782951d9e9b35ab375197e16246b4e49a92349daeba742cdce1d6475812e42f
                                                                • Instruction ID: e5bc701ddccacc1c4f7dee6257c3f161aa6b6d6e7c398e5e656743b164f82668
                                                                • Opcode Fuzzy Hash: e782951d9e9b35ab375197e16246b4e49a92349daeba742cdce1d6475812e42f
                                                                • Instruction Fuzzy Hash: AD21B032A08F8285EA608F09E48866A63B4FB5CBC4F185130DF5D43754DF7CE9498740
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C346B
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C34BB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: sha3_224
                                                                • API String ID: 668498394-2731072511
                                                                • Opcode ID: 99c0650f17b5290c5cf9524ea2804535ed0eaa37611b08661316127357b880a7
                                                                • Instruction ID: 2f24b439274e81ed0a9377defd6068aef93c5e60e5c763c639fe4a20a11879a0
                                                                • Opcode Fuzzy Hash: 99c0650f17b5290c5cf9524ea2804535ed0eaa37611b08661316127357b880a7
                                                                • Instruction Fuzzy Hash: 9A219A32A0CF8296EE618F5AA4002AB62B4FB4CBC4F186130DF4E43755DF7DE9498700
                                                                APIs
                                                                • PyObject_IsTrue.PYTHON312 ref: 00007FF8B93C300B
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C15E3
                                                                  • Part of subcall function 00007FF8B93C1580: _Py_hashtable_get.PYTHON312 ref: 00007FF8B93C15F3
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_up_ref.LIBCRYPTO-3 ref: 00007FF8B93C161D
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_get_flags.LIBCRYPTO-3 ref: 00007FF8B93C1629
                                                                  • Part of subcall function 00007FF8B93C1580: PyModule_GetState.PYTHON312 ref: 00007FF8B93C163A
                                                                  • Part of subcall function 00007FF8B93C1580: _PyObject_New.PYTHON312 ref: 00007FF8B93C1643
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_CTX_new.LIBCRYPTO-3 ref: 00007FF8B93C1655
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_DigestInit_ex.LIBCRYPTO-3 ref: 00007FF8B93C1671
                                                                  • Part of subcall function 00007FF8B93C1580: EVP_MD_free.LIBCRYPTO-3 ref: 00007FF8B93C16B9
                                                                • _PyArg_UnpackKeywords.PYTHON312 ref: 00007FF8B93C305B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2174090897.00007FF8B93C1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FF8B93C0000, based on PE: true
                                                                • Associated: 00000003.00000002.2174071947.00007FF8B93C0000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174108766.00007FF8B93C7000.00000002.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174125883.00007FF8B93CC000.00000004.00000001.01000000.0000000C.sdmp
                                                                • Associated: 00000003.00000002.2174143822.00007FF8B93CE000.00000002.00000001.01000000.0000000C.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b93c0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Module_Object_State$Arg_D_freeD_get_flagsD_up_refDigestInit_exKeywordsPy_hashtable_getTrueUnpackX_new
                                                                • String ID: sha384
                                                                • API String ID: 668498394-111829409
                                                                • Opcode ID: af0e07dae9fd186dd62fd38fdb349da9e93ef4becf4423fd866f1e0706baa2f7
                                                                • Instruction ID: 216cb1c78a8813d307f5a724fe60c305f13dabd3f3abb67d37d9711abcfe5bac
                                                                • Opcode Fuzzy Hash: af0e07dae9fd186dd62fd38fdb349da9e93ef4becf4423fd866f1e0706baa2f7
                                                                • Instruction Fuzzy Hash: 71217F72608F9286EA608F0AE44466B62B4FB4CBC4F085130EF4E43759DF7DE5498700
                                                                APIs
                                                                • PyType_IsSubtype.PYTHON312 ref: 00007FF8B8CD93EB
                                                                  • Part of subcall function 00007FF8B8CD3800: PyErr_Format.PYTHON312 ref: 00007FF8B8CD3834
                                                                  • Part of subcall function 00007FF8B8CD3880: PyThreadState_Get.PYTHON312 ref: 00007FF8B8CD38A2
                                                                  • Part of subcall function 00007FF8B8CD3880: PyErr_Fetch.PYTHON312 ref: 00007FF8B8CD38BA
                                                                  • Part of subcall function 00007FF8B8CD3880: PyCode_NewEmpty.PYTHON312 ref: 00007FF8B8CD38CD
                                                                  • Part of subcall function 00007FF8B8CD3880: PyFrame_New.PYTHON312 ref: 00007FF8B8CD38E7
                                                                  • Part of subcall function 00007FF8B8CD3880: _Py_Dealloc.PYTHON312 ref: 00007FF8B8CD3902
                                                                  • Part of subcall function 00007FF8B8CD3880: _PyErr_ChainExceptions1.PYTHON312 ref: 00007FF8B8CD390D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_$ChainCode_DeallocEmptyExceptions1FetchFormatFrame_State_SubtypeThreadType_
                                                                • String ID: charset_normalizer.md.MessDetectorPlugin$reset
                                                                • API String ID: 2783664582-4122180197
                                                                • Opcode ID: 76f6fa13b8723754b9a60dd584603b75876082391e851e7e34e3c089995dae12
                                                                • Instruction ID: 91c1ea5c4173055c6f27c43c53f76a4d34adb711630454209752ed2ee00609f9
                                                                • Opcode Fuzzy Hash: 76f6fa13b8723754b9a60dd584603b75876082391e851e7e34e3c089995dae12
                                                                • Instruction Fuzzy Hash: 6C0140E4E1810642EBF5AF6E98690B512A1AF44BC1F444036CF1D47796DF2CF947CB08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocImportImport_
                                                                • String ID: <module>
                                                                • API String ID: 187899110-217463007
                                                                • Opcode ID: d69bcf240f74489f4bd497fc0b8f2cc414bf2c6a77f5002b559556706f64d9ad
                                                                • Instruction ID: 8f8817d0cc0e8d2df37c7a7d77a9a499171461ff5aa1c955b0a4130f0bdfaf4b
                                                                • Opcode Fuzzy Hash: d69bcf240f74489f4bd497fc0b8f2cc414bf2c6a77f5002b559556706f64d9ad
                                                                • Instruction Fuzzy Hash: 8B0116E5E09A0383F7A59F1DE8681782351AF847D2F448435DB2D07A54DF2DB5478708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: DeallocDict_Item
                                                                • String ID: <module>
                                                                • API String ID: 1953171116-217463007
                                                                • Opcode ID: d0256b5094a83c2cce43499a17dbe8ec4dca85f9fba9f3344b29a1cf4ce49e16
                                                                • Instruction ID: 12d3b9afc5fe6ec262be27a9ac6ecdd8df50c6db9c3804ff1bd5477db410ea08
                                                                • Opcode Fuzzy Hash: d0256b5094a83c2cce43499a17dbe8ec4dca85f9fba9f3344b29a1cf4ce49e16
                                                                • Instruction Fuzzy Hash: F0011EE1E0A60682FBA19B2DD86C1782790AF40BD6F444435DB2D077A5DF2DF5438708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_frenzy_symbol_in_word' cannot be deleted$bool
                                                                • API String ID: 1450464846-825057536
                                                                • Opcode ID: 7687b87dcfade708e71cb8af8033597d5e5aa7a4328c8a6f7437823f4d63887e
                                                                • Instruction ID: 9c2bcbcc9762b401898c98c0a62de8686d3a8807866a66ee1805d6caa65ce7fb
                                                                • Opcode Fuzzy Hash: 7687b87dcfade708e71cb8af8033597d5e5aa7a4328c8a6f7437823f4d63887e
                                                                • Instruction Fuzzy Hash: 30F05EE5F1594282DB94972DD8A80342361AB547E2FA45236C62D422A4EF6CF89BC704
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Object_$Dealloc$ArgsAttrCallErr_InstanceObject
                                                                • String ID: reset
                                                                • API String ID: 1069087923-1352515405
                                                                • Opcode ID: bbdd62e7f99f6cbdd23793489bb35b56453e91b9374609213c62ce4e8be85285
                                                                • Instruction ID: 575680ba0f04f5793f1c47f614f5c576a8abea81890d42648f4601baba35f604
                                                                • Opcode Fuzzy Hash: bbdd62e7f99f6cbdd23793489bb35b56453e91b9374609213c62ce4e8be85285
                                                                • Instruction Fuzzy Hash: 45F054D9D0960681FBB47F2DA82C17453A09F48BD1F445031CB1C06794DF2CF5468B08
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'ArchaicUpperLowerPlugin' object attribute '_current_ascii_only' cannot be deleted$bool
                                                                • API String ID: 1450464846-1261582747
                                                                • Opcode ID: 8c7019ae60389a316b38f34d8583e21c126b8065cf809baa2539fb2ca883be19
                                                                • Instruction ID: 2f44c0dcf2531ef89bcdda5b8030d862c6edc53b348f562e9ae4e3c683794d1e
                                                                • Opcode Fuzzy Hash: 8c7019ae60389a316b38f34d8583e21c126b8065cf809baa2539fb2ca883be19
                                                                • Instruction Fuzzy Hash: 45F05EE1E0594282DFA4A72DDCA80242361AB547E1FA45636C72C466A4EF2CF89BC708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'ArchaicUpperLowerPlugin' object attribute '_buf' cannot be deleted$bool
                                                                • API String ID: 1450464846-2595685569
                                                                • Opcode ID: 5445f695030172c0d74eedf3e058939476bfcef05161a035b360ea2110cf5acd
                                                                • Instruction ID: 4776961b457c9e766fe7ea7bef53ce1c1f61599e3bdbc7ff4aed9d3c16786d7b
                                                                • Opcode Fuzzy Hash: 5445f695030172c0d74eedf3e058939476bfcef05161a035b360ea2110cf5acd
                                                                • Instruction Fuzzy Hash: 6FF05EE5E05A4282DF94972DD8B80242361AB587D2FA44635C62C422A4EF2CF99BC708
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Object_$Dealloc$ArgsAttrCallErr_InstanceObject
                                                                • String ID: eligible
                                                                • API String ID: 1069087923-1278981203
                                                                • Opcode ID: c4c18aafb7be077d316736c03388e8b3fc999084a9cdbfa9803da876a134bb0e
                                                                • Instruction ID: b119755a0d6107b550876cc5e22e3a875bdfa1f881e8196c7a2587b2b73a55e2
                                                                • Opcode Fuzzy Hash: c4c18aafb7be077d316736c03388e8b3fc999084a9cdbfa9803da876a134bb0e
                                                                • Instruction Fuzzy Hash: EFF0FEE9E0960682FFB47F6DAC6D27513A0AF48BD1F442031CA1D06755EF2CF5868B09
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_foreign_long_watch' cannot be deleted$bool
                                                                • API String ID: 1450464846-232606992
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Object_$Dealloc$ArgsAttrCallErr_InstanceObject
                                                                • String ID: ratio
                                                                • API String ID: 1069087923-4234197119
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Err_String
                                                                • String ID: 'SuperWeirdWordPlugin' object attribute '_is_current_word_bad' cannot be deleted$bool
                                                                • API String ID: 1450464846-604167972
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2173776460.00007FF8B8CD1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8CD0000, based on PE: true
                                                                • Associated: 00000003.00000002.2173671838.00007FF8B8CD0000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173801830.00007FF8B8CE5000.00000002.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173821015.00007FF8B8CEB000.00000004.00000001.01000000.0000000F.sdmp
                                                                • Associated: 00000003.00000002.2173839731.00007FF8B8CEF000.00000002.00000001.01000000.0000000F.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8cd0000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: Object_$Dealloc$ArgsAttrCallErr_InstanceObject
                                                                • String ID: feed
                                                                • API String ID: 1069087923-591414443
                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000003.00000002.2171047789.00007FF8B8B21000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FF8B8B20000, based on PE: true
                                                                • Associated: 00000003.00000002.2170694572.00007FF8B8B20000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B38000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171171481.00007FF8B8B3C000.00000002.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171412752.00007FF8B8B44000.00000004.00000001.01000000.00000012.sdmp
                                                                • Associated: 00000003.00000002.2171732687.00007FF8B8B45000.00000002.00000001.01000000.00000012.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_3_2_7ff8b8b20000_LKEAHetlG6.jbxd
                                                                Similarity
                                                                • API ID: memcpy$memmove
                                                                • String ID:
                                                                • API String ID: 1283327689-0